Details
Task
Resolution: Fixed
Major - P3
Fully Compatible
Security 2023-02-20
153
Description
The current decryptAndParse functions in these two classes require both the serverToken and the serverDerivedFromData token so that they can parse and decrypt the entire serialized blob.
However, it is often the case that only one of these tokens exists and only a certain section of the serialized blob needs to be decrypted. For example, in collScan finds, only the metadata block needs to be decrypted. During client decryption, only the user ciphertext needs to be decrypted.
The interface of these classes should be rewritten to allow parsing and decrypting only certain sections of the serialized data.