Use HKDF-derived key instead of shared secret
Change-Id: I0a96f1469e5bf28fe2ea299e835a77217ba361e0
diff --git a/src/ca-module.cpp b/src/ca-module.cpp
index c7b4291..a6855db 100644
--- a/src/ca-module.cpp
+++ b/src/ca-module.cpp
@@ -306,8 +306,7 @@
return;
}
// decrypt the parameters
- auto paramJsonPayload = parseEncBlock(m_ecdh.context->sharedSecret,
- m_ecdh.context->sharedSecretLen,
+ auto paramJsonPayload = parseEncBlock(m_aesKey, 32,
request.getApplicationParameters());
if (paramJsonPayload.size() == 0) {
_LOG_ERROR("Got an empty buffer from content decryption.");
@@ -386,8 +385,7 @@
std::stringstream ss2;
boost::property_tree::write_json(ss2, contentJson);
auto payload = ss2.str();
- auto contentBlock = genEncBlock(tlv::Content, m_ecdh.context->sharedSecret,
- m_ecdh.context->sharedSecretLen,
+ auto contentBlock = genEncBlock(tlv::Content, m_aesKey, 32,
(const uint8_t*)payload.c_str(), payload.size());
result.setContent(contentBlock);
m_keyChain.sign(result, signingByIdentity(m_config.m_caName));
diff --git a/src/client-module.cpp b/src/client-module.cpp
index f8d73f6..a94b176 100644
--- a/src/client-module.cpp
+++ b/src/client-module.cpp
@@ -228,7 +228,7 @@
std::stringstream ss;
boost::property_tree::write_json(ss, paramJson);
auto payload = ss.str();
- auto paramBlock = genEncBlock(tlv::ApplicationParameters, m_ecdh.context->sharedSecret, m_ecdh.context->sharedSecretLen,
+ auto paramBlock = genEncBlock(tlv::ApplicationParameters, m_aesKey, 32,
(const uint8_t*)payload.c_str(), payload.size());
interest->setApplicationParameters(paramBlock);
@@ -243,7 +243,7 @@
_LOG_ERROR("Cannot verify data signature from " << m_ca.m_caName.toUri());
return;
}
- auto result = parseEncBlock(m_ecdh.context->sharedSecret, m_ecdh.context->sharedSecretLen, reply.getContent());
+ auto result = parseEncBlock(m_aesKey, 32, reply.getContent());
std::string payload((const char*)result.data(), result.size());
std::istringstream ss(payload);
JsonSection contentJson;