Use HKDF-derived key instead of shared secret
Change-Id: I0a96f1469e5bf28fe2ea299e835a77217ba361e0
diff --git a/src/ca-module.cpp b/src/ca-module.cpp
index c7b4291..a6855db 100644
--- a/src/ca-module.cpp
+++ b/src/ca-module.cpp
@@ -306,8 +306,7 @@
return;
}
// decrypt the parameters
- auto paramJsonPayload = parseEncBlock(m_ecdh.context->sharedSecret,
- m_ecdh.context->sharedSecretLen,
+ auto paramJsonPayload = parseEncBlock(m_aesKey, 32,
request.getApplicationParameters());
if (paramJsonPayload.size() == 0) {
_LOG_ERROR("Got an empty buffer from content decryption.");
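Review bot: The key length is passed as the bare literal `32` in `parseEncBlock(m_aesKey, 32, ...)`, and again in the `genEncBlock` call of the second hunk, so nothing ties it to the size of `m_aesKey` or to the HKDF output length, both of which are declared outside this diff. If either changes, these calls would read past the buffer or use a truncated key without any compile-time signal. Prefer `sizeof(m_aesKey)` if it is a fixed array, or a named constant shared with the derivation call, e.g. `parseEncBlock(m_aesKey, sizeof(m_aesKey), request.getApplicationParameters());`. It is also worth confirming that this handler cannot run before the derivation step has filled `m_aesKey`, since the old code read the secret straight from the ECDH context and the new code depends on state set elsewhere. The enclosing function starts and ends outside the hunk.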
@@ -386,8 +385,7 @@
std::stringstream ss2;
boost::property_tree::write_json(ss2, contentJson);
auto payload = ss2.str();
- auto contentBlock = genEncBlock(tlv::Content, m_ecdh.context->sharedSecret,
- m_ecdh.context->sharedSecretLen,
+ auto contentBlock = genEncBlock(tlv::Content, m_aesKey, 32,
(const uint8_t*)payload.c_str(), payload.size());
result.setContent(contentBlock);
m_keyChain.sign(result, signingByIdentity(m_config.m_caName));
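Review bot: The same `m_aesKey` now encrypts the response in `genEncBlock(tlv::Content, m_aesKey, 32, ...)` and decrypts the request in the first hunk, so one key covers both directions. Whether that is safe depends on how `genEncBlock` chooses its IV, which is not visible here; with a counter-based or otherwise predictable IV, the two sides could collide on a key/IV pair. If the HKDF call allows it, consider deriving separate request and response keys using distinct `info` labels, or add a comment next to this call stating that `genEncBlock` generates a fresh random IV per block. `m_aesKey` looks like a single member of the CA module, so it should also be checked that concurrent requesters cannot overwrite each other's key between the derivation step and this call.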