When diversifiers in Spark are decrypted, the plaintext data is truncated to fit a uint64_t. However, an adversary could have encrypted a value exceeding this (but not exceeding the AES block size), in which case any higher bits are discarded.
This should be modified. If the decrypted diversifier does not represent a valid 64-bit unsigned integer, it should be rejected as invalid.
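The truncation described above next to the strict check the issue asks for, as an added example that is not the Spark code base's own code. The helper names, the little-endian byte order and the rule that a valid plaintext is exactly 8 bytes are assumptions, and the input is the already-decrypted plaintext.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Hypothetical helpers. Assumptions: the input is the plaintext left after
// AES decryption (at most one 16-byte block), integers are little-endian,
// and a valid diversifier plaintext is exactly sizeof(uint64_t) bytes.

// Truncating decode: reads up to 8 bytes and silently ignores any others.
uint64_t decode_truncating(const std::vector<unsigned char>& plaintext) {
    uint64_t i = 0;
    for (std::size_t k = 0; k < plaintext.size() && k < sizeof(uint64_t); ++k)
        i |= static_cast<uint64_t>(plaintext[k]) << (8 * k);
    return i;
}

// Strict decode: rejects any plaintext that is not exactly 8 bytes, so
// each accepted diversifier has a single plaintext encoding.
bool decode_strict(const std::vector<unsigned char>& plaintext, uint64_t& out) {
    if (plaintext.size() != sizeof(uint64_t))
        return false;
    out = decode_truncating(plaintext);
    return true;
}

int main() {
    // Constructed sample plaintexts, not taken from any real transaction.
    const std::vector<unsigned char> exact = {5, 0, 0, 0, 0, 0, 0, 0};
    const std::vector<unsigned char> oversized = {5, 0, 0, 0, 0, 0, 0, 0, 0xAA, 0xBB};

    // Both decode to 5 when truncated: the extra bytes vanish.
    std::printf("truncating: %llu %llu\n",
                (unsigned long long)decode_truncating(exact),
                (unsigned long long)decode_truncating(oversized));

    uint64_t i = 0;
    std::printf("strict exact: %d\n", decode_strict(exact, i));
    std::printf("strict oversized: %d\n", decode_strict(oversized, i));
    return 0;
}
```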