chore(crypto): CRP-2789 Use a fixed length domain separator for IBE message mask (#5028)

Author: randombit

packages/ic-vetkd-utils/src/lib.rs

@@ -369,7 +369,13 @@ impl IBEDomainSep {
         match self {
             Self::HashToMask => "ic-vetkd-bls12-381-ibe-hash-to-mask".to_owned(),
             Self::MaskSeed => "ic-vetkd-bls12-381-ibe-mask-seed".to_owned(),
-            Self::MaskMsg(len) => format!("ic-vetkd-bls12-381-ibe-mask-msg-{}", len),
+            // Zero prefix the length up to 20 digits, which is sufficient to be fixed
+            // length for any 64-bit length. This ensures all of the MaskMsg domain
+            // separators are of equal length. With how we use the domain separators, this
+            // padding isn't required - we only need uniquness - but having variable
+            // length domain separators is generally not considered a good practice and is
+            // easily avoidable here.
+            Self::MaskMsg(len) => format!("ic-vetkd-bls12-381-ibe-mask-msg-{:020}", len),
         }
     }
 }

packages/ic-vetkd-utils/tests/tests.rs

@@ -143,7 +143,7 @@ fn protocol_flow_with_fixed_rng_has_expected_outputs() {
     let ctext_bytes = ctext.serialize();
 
     assert_eq!(hex::encode(&ctext_bytes),
-               "4943204942450001a9937528bda5826cf5c7da77a5f5e46719a9748f4ea0aa491c8fba92081e5d55457ab36ec4f6335954c6d87987d0b28301bd8da166493bb537c842d20396da5a68cc9e9672fadedf1e311e0057fc906dfd37d1077ca027954c45336405e66e5e4b346b0f24bfd358a09de701654c1e0791741e4826396588440eee021df9b2398f143c");
+               "4943204942450001a9937528bda5826cf5c7da77a5f5e46719a9748f4ea0aa491c8fba92081e5d55457ab36ec4f6335954c6d87987d0b28301bd8da166493bb537c842d20396da5a68cc9e9672fadedf1e311e0057fc906dfd37d1077ca027954c45336405e66e5e4b346b0f24bfd358a09de701654c1e0791741e4826396588440eee021df9b2399f7f98");
 
     assert_eq!(
         ctext,