some update Change-Id: I91acb87febd9c74521a5afc20024229bd92438df

commit: 6499eddd8a2cdedfc99a8aef21b49dc53ef15e98 [log] [tgz]
author: Zhiyi Zhang <zhiyi@cs.ucla.edu> Wed Feb 17 22:37:21 2021 -0800
committer: Zhiyi Zhang <zhiyi@cs.ucla.edu> Wed Feb 17 22:37:21 2021 -0800
tree: de886b41728843eedb4f83be01a766724d720ed0
parent: 7cca76aeae764667da6f4ca80684439a5af8e5dc [diff] [blame]
diff --git a/src/ca-module.cpp b/src/ca-module.cpp
index f04d3df..e378314 100644
--- a/src/ca-module.cpp
+++ b/src/ca-module.cpp

@@ -252,12 +252,6 @@
                                        "Cannot derive a shared secret using the provided ECDH key."));
     return;
   }
-  // generate salt for HKDF
-  std::array<uint8_t, 32> salt;
-  random::generateSecureBytes(salt.data(), salt.size());
-  // hkdf
-  std::array<uint8_t, 16> aesKey;
-  hkdf(sharedSecret.data(), sharedSecret.size(), salt.data(), salt.size(), aesKey.data(), aesKey.size());
 
   // verify identity name
   if (!m_config.caProfile.caPrefix.isPrefixOf(clientCert->getIdentity())
@@ -334,6 +328,13 @@
   requestState.requestId = id;
   requestState.requestType = requestType;
   requestState.cert = *clientCert;
+  // generate salt for HKDF
+  std::array<uint8_t, 32> salt;
+  random::generateSecureBytes(salt.data(), salt.size());
+  // hkdf
+  std::array<uint8_t, 16> aesKey;
+  hkdf(sharedSecret.data(), sharedSecret.size(), salt.data(), salt.size(),
+       aesKey.data(), aesKey.size(), id.data(), id.size());
   requestState.encryptionKey = aesKey;
   try {
     m_storage->addRequest(requestState);
commit	6499eddd8a2cdedfc99a8aef21b49dc53ef15e98	[log] [tgz]
author	Zhiyi Zhang <zhiyi@cs.ucla.edu>	Wed Feb 17 22:37:21 2021 -0800
committer	Zhiyi Zhang <zhiyi@cs.ucla.edu>	Wed Feb 17 22:37:21 2021 -0800
tree	de886b41728843eedb4f83be01a766724d720ed0
parent	7cca76aeae764667da6f4ca80684439a5af8e5dc [diff] [blame]