Randomly broken MLSCiphertext

Question

Randomly broken MLSCiphertext

Closed this issue 4 years ago · 2 comments

Running the interop test vectors sometimes the MLSCiphertext looks like this

 [4, 0, 1, 2, 3, 0, 1, 2, 3, 4, 5, 6, 7, 1, 1c, ae, 5, dc, 8b, 5c, 4c, ...

which translates to

group id: [0, 1, 2, 3]
epoch: 0x0001020304050607
content_type: Application

The next element should be the authenticated data vector of length up to 2^32. But it's 1c, ae, 5, dc, 8b, 5c, 4c, ..., which can't be correct. This looks like maybe the length header is missing.
Note that other times this looks correct, e.g. [0, 0, 0, 4, 1, 2, 3, 4, 1C, DE, 32, ....

Answer 1 · 2021-03-16T15:50:05.000Z

Looks like the encrypted_sender_data and authenticated_data fields are swapped in the encode/decode specification. Should be a quick fix.

Answer 2 · 2021-03-17T07:37:58.000Z

#191 has fixed this issue, thanks!