Serializing ciphertext with 32-bit prefixes.

armfazh · armfazh · commit 8db25b565090 · 2024-03-13T17:22:43.000-07:00
Previously, tkn20 ciphertext was encoding the ciphertext header
`C1`, the envelope `env` (containing inner ciphertext), and
macData using 16-bit prefixes, which caused a limitation on
the maximum size allowed for encrypting plaintexts.

With this change, the encoding now uses 32-bit prefixes for
these three elements allowing to encrypt plaintexts longer
than 2^16 bytes. So, ciphertexts produced by tkn20 package are
now 6 bytes longer.

Only testdata/ciphertext golden file was updated.
diff --git a/abe/cpabe/tkn20/example_test.go b/abe/cpabe/tkn20/example_test.go
@@ -132,6 +132,6 @@ func Example() {
 	// Output:
 	// (occupation:doctor and country:US)
 	// plaintext size: 27 bytes
-	// ciphertext size: 2735 bytes
+	// ciphertext size: 2741 bytes
 	// Successfully recovered plaintext
 }
diff --git a/abe/cpabe/tkn20/internal/tkn/bk.go b/abe/cpabe/tkn20/internal/tkn/bk.go
@@ -117,16 +117,16 @@ func EncryptCCA(rand io.Reader, public *PublicParams, policy *Policy, msg []byte
 	if err != nil {
 		return nil, err
 	}
-	macData := appendLenPrefixed(nil, C1)
-	macData = appendLenPrefixed(macData, env)
+	macData := appendLen32Prefixed(nil, C1)
+	macData = appendLen32Prefixed(macData, env)
 
 	tag, err := blakeMac(macKey, macData)
 	if err != nil {
 		return nil, err
 	}
 
 	ret := appendLenPrefixed(nil, id)
-	ret = appendLenPrefixed(ret, macData)
+	ret = appendLen32Prefixed(ret, macData)
 	ret = appendLenPrefixed(ret, tag)
 
 	return ret, nil
@@ -137,19 +137,19 @@ func DecryptCCA(ciphertext []byte, key *AttributesKey) ([]byte, error) {
 	if err != nil {
 		return nil, err
 	}
-	macData, rest, err := removeLenPrefixed(rest)
+	macData, rest, err := removeLen32Prefixed(rest)
 	if err != nil {
 		return nil, err
 	}
 	tag, _, err := removeLenPrefixed(rest)
 	if err != nil {
 		return nil, err
 	}
-	C1, envRaw, err := removeLenPrefixed(macData)
+	C1, envRaw, err := removeLen32Prefixed(macData)
 	if err != nil {
 		return nil, err
 	}
-	env, _, err := removeLenPrefixed(envRaw)
+	env, _, err := removeLen32Prefixed(envRaw)
 	if err != nil {
 		return nil, err
 	}
@@ -212,11 +212,11 @@ func CouldDecrypt(ciphertext []byte, a *Attributes) bool {
 	if err != nil {
 		return false
 	}
-	macData, _, err := removeLenPrefixed(rest)
+	macData, _, err := removeLen32Prefixed(rest)
 	if err != nil {
 		return false
 	}
-	C1, _, err := removeLenPrefixed(macData)
+	C1, _, err := removeLen32Prefixed(macData)
 	if err != nil {
 		return false
 	}
@@ -241,11 +241,11 @@ func (p *Policy) ExtractFromCiphertext(ct []byte) error {
 	if err != nil {
 		return fmt.Errorf("invalid ciphertext")
 	}
-	macData, _, err := removeLenPrefixed(rest)
+	macData, _, err := removeLen32Prefixed(rest)
 	if err != nil {
 		return fmt.Errorf("invalid ciphertext")
 	}
-	C1, _, err := removeLenPrefixed(macData)
+	C1, _, err := removeLen32Prefixed(macData)
 	if err != nil {
 		return fmt.Errorf("invalid ciphertext")
 	}
diff --git a/abe/cpabe/tkn20/internal/tkn/util.go b/abe/cpabe/tkn20/internal/tkn/util.go
@@ -42,14 +42,14 @@ func HashStringToScalar(key []byte, value string) *pairing.Scalar {
 	return s
 }
 
-func appendLenPrefixed(a []byte, b []byte) []byte {
+func appendLen16Prefixed(a []byte, b []byte) []byte {
 	a = append(a, 0, 0)
 	binary.LittleEndian.PutUint16(a[len(a)-2:], uint16(len(b)))
 	a = append(a, b...)
 	return a
 }
 
-func removeLenPrefixed(data []byte) (next []byte, remainder []byte, err error) {
+func removeLen16Prefixed(data []byte) (next []byte, remainder []byte, err error) {
 	if len(data) < 2 {
 		return nil, nil, fmt.Errorf("data too short")
 	}
@@ -60,6 +60,29 @@ func removeLenPrefixed(data []byte) (next []byte, remainder []byte, err error) {
 	return data[2 : 2+itemLen], data[2+itemLen:], nil
 }
 
+var (
+	appendLenPrefixed = appendLen16Prefixed
+	removeLenPrefixed = removeLen16Prefixed
+)
+
+func appendLen32Prefixed(a []byte, b []byte) []byte {
+	a = append(a, 0, 0, 0, 0)
+	binary.LittleEndian.PutUint32(a[len(a)-4:], uint32(len(b)))
+	a = append(a, b...)
+	return a
+}
+
+func removeLen32Prefixed(data []byte) (next []byte, remainder []byte, err error) {
+	if len(data) < 4 {
+		return nil, nil, fmt.Errorf("data too short")
+	}
+	itemLen := int(binary.LittleEndian.Uint32(data))
+	if (4 + itemLen) > len(data) {
+		return nil, nil, fmt.Errorf("data too short")
+	}
+	return data[4 : 4+itemLen], data[4+itemLen:], nil
+}
+
 func marshalBinarySortedMapMatrixG1(m map[string]*matrixG1) ([]byte, error) {
 	sortedKeys := make([]string, 0, len(m))
 	for key := range m {
diff --git a/abe/cpabe/tkn20/testdata/ciphertext b/abe/cpabe/tkn20/testdata/ciphertext

Original file line number	Diff line number	Diff line change
`@@ -132,6 +132,6 @@ func Example() {`
`132`	`132`	`// Output:`
`133`	`133`	`// (occupation:doctor and country:US)`
`134`	`134`	`// plaintext size: 27 bytes`
`135`		`- // ciphertext size: 2735 bytes`
	`135`	`+ // ciphertext size: 2741 bytes`
`136`	`136`	`// Successfully recovered plaintext`
`137`	`137`	`}`
Original file line number	Diff line number	Diff line change
`@@ -117,16 +117,16 @@ func EncryptCCA(rand io.Reader, public PublicParams, policy Policy, msg []byte`
`117`	`117`	`if err != nil {`
`118`	`118`	`return nil, err`
`119`	`119`	`}`
`120`		`- macData := appendLenPrefixed(nil, C1)`
`121`		`- macData = appendLenPrefixed(macData, env)`
	`120`	`+ macData := appendLen32Prefixed(nil, C1)`
	`121`	`+ macData = appendLen32Prefixed(macData, env)`
`122`	`122`
`123`	`123`	`tag, err := blakeMac(macKey, macData)`
`124`	`124`	`if err != nil {`
`125`	`125`	`return nil, err`
`126`	`126`	`}`
`127`	`127`
`128`	`128`	`ret := appendLenPrefixed(nil, id)`
`129`		`- ret = appendLenPrefixed(ret, macData)`
	`129`	`+ ret = appendLen32Prefixed(ret, macData)`
`130`	`130`	`ret = appendLenPrefixed(ret, tag)`
`131`	`131`
`132`	`132`	`return ret, nil`
`@@ -137,19 +137,19 @@ func DecryptCCA(ciphertext []byte, key *AttributesKey) ([]byte, error) {`
`137`	`137`	`if err != nil {`
`138`	`138`	`return nil, err`
`139`	`139`	`}`
`140`		`- macData, rest, err := removeLenPrefixed(rest)`
	`140`	`+ macData, rest, err := removeLen32Prefixed(rest)`
`141`	`141`	`if err != nil {`
`142`	`142`	`return nil, err`
`143`	`143`	`}`
`144`	`144`	`tag, _, err := removeLenPrefixed(rest)`
`145`	`145`	`if err != nil {`
`146`	`146`	`return nil, err`
`147`	`147`	`}`
`148`		`- C1, envRaw, err := removeLenPrefixed(macData)`
	`148`	`+ C1, envRaw, err := removeLen32Prefixed(macData)`
`149`	`149`	`if err != nil {`
`150`	`150`	`return nil, err`
`151`	`151`	`}`
`152`		`- env, _, err := removeLenPrefixed(envRaw)`
	`152`	`+ env, _, err := removeLen32Prefixed(envRaw)`
`153`	`153`	`if err != nil {`
`154`	`154`	`return nil, err`
`155`	`155`	`}`
`@@ -212,11 +212,11 @@ func CouldDecrypt(ciphertext []byte, a *Attributes) bool {`
`212`	`212`	`if err != nil {`
`213`	`213`	`return false`
`214`	`214`	`}`
`215`		`- macData, _, err := removeLenPrefixed(rest)`
	`215`	`+ macData, _, err := removeLen32Prefixed(rest)`
`216`	`216`	`if err != nil {`
`217`	`217`	`return false`
`218`	`218`	`}`
`219`		`- C1, _, err := removeLenPrefixed(macData)`
	`219`	`+ C1, _, err := removeLen32Prefixed(macData)`
`220`	`220`	`if err != nil {`
`221`	`221`	`return false`
`222`	`222`	`}`
`@@ -241,11 +241,11 @@ func (p *Policy) ExtractFromCiphertext(ct []byte) error {`
`241`	`241`	`if err != nil {`
`242`	`242`	`return fmt.Errorf("invalid ciphertext")`
`243`	`243`	`}`
`244`		`- macData, _, err := removeLenPrefixed(rest)`
	`244`	`+ macData, _, err := removeLen32Prefixed(rest)`
`245`	`245`	`if err != nil {`
`246`	`246`	`return fmt.Errorf("invalid ciphertext")`
`247`	`247`	`}`
`248`		`- C1, _, err := removeLenPrefixed(macData)`
	`248`	`+ C1, _, err := removeLen32Prefixed(macData)`
`249`	`249`	`if err != nil {`
`250`	`250`	`return fmt.Errorf("invalid ciphertext")`
`251`	`251`	`}`