tari-project/tari

Possible collisions in encrypted database field bindings

Closed this issue · 0 comments

The Encryptable trait is used for handling database encryption. It supports the use of domain separation, where the domain is used for XChaCha20-Poly1305 associated data. When this domain binds to field keys, it prevents an adversary from swapping database entries without being detected.

For each type that implements Encryptable, domains are produced using concatenation of multiple input values. Some types do this in a way that doesn't admit collisions. Others, however, concatenate variable-length data in a way that does.

A straightforward solution is to modify the concatenation to prepend a fixed-sized encoding of the length of variable-length data. This is a standard approach that is already used elsewhere.

The following Encryptable implementations need this fix:
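The collision the issue describes and the length-prefix fix, shown on the domain construction alone; this is an added example, not part of the original issue and not Tari's code. The function names, the sample field values and the 8-byte little-endian length encoding are assumptions made for illustration.

```rust
// Added illustration: names and sample values are hypothetical, not Tari's API.

/// Ambiguous: variable-length parts are joined with no boundary information.
fn domain_naive(parts: &[&[u8]]) -> Vec<u8> {
    parts.concat()
}

/// Unambiguous: each part is preceded by its length as a fixed 8-byte
/// little-endian integer (assumed encoding), so it parses back one way only.
fn domain_length_prefixed(parts: &[&[u8]]) -> Vec<u8> {
    let mut out = Vec::new();
    for part in parts {
        out.extend_from_slice(&(part.len() as u64).to_le_bytes());
        out.extend_from_slice(part);
    }
    out
}

/// Inverse of `domain_length_prefixed`; returns None on truncated input.
fn parse_length_prefixed(mut data: &[u8]) -> Option<Vec<Vec<u8>>> {
    let mut parts = Vec::new();
    while !data.is_empty() {
        if data.len() < 8 {
            return None;
        }
        let mut len_bytes = [0u8; 8];
        len_bytes.copy_from_slice(&data[..8]);
        let len = u64::from_le_bytes(len_bytes);
        let rest = &data[8..];
        if (rest.len() as u64) < len {
            return None;
        }
        let (part, tail) = rest.split_at(len as usize);
        parts.push(part.to_vec());
        data = tail;
    }
    Some(parts)
}

fn main() {
    // Constructed sample: two different (table, field, row key) tuples.
    let a: [&[u8]; 3] = [b"wallet", b"key", b"1"];
    let b: [&[u8]; 3] = [b"wallet", b"key1", b""];
    // Same associated data for both entries: a swap would still authenticate.
    println!("naive collides: {}", domain_naive(&a) == domain_naive(&b));
    // Distinct associated data: the AEAD tag check rejects a swapped entry.
    let (pa, pb) = (domain_length_prefixed(&a), domain_length_prefixed(&b));
    println!("prefixed collides: {}", pa == pb);
    println!("round trip: {:?}", parse_length_prefixed(&pa));
}
```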