change salt to 32-byte array
Change-Id: I2c0a378feee555f1c8108b142c40967f382c0d24
diff --git a/src/ca-module.cpp b/src/ca-module.cpp
index 5e6c40f..98fb2ab 100644
--- a/src/ca-module.cpp
+++ b/src/ca-module.cpp
@@ -229,10 +229,11 @@
return;
}
// generate salt for HKDF
- auto saltInt = random::generateSecureWord64();
+ std::array<uint8_t, 32> salt;
+ random::generateSecureBytes(salt.data(), salt.size());
// hkdf
uint8_t aesKey[AES_128_KEY_LEN];
- hkdf(ecdh.m_sharedSecret, ecdh.m_sharedSecretLen, (uint8_t*)&saltInt, sizeof(saltInt), aesKey, sizeof(aesKey));
+ hkdf(ecdh.m_sharedSecret, ecdh.m_sharedSecretLen, salt.data(), salt.size(), aesKey, sizeof(aesKey));
// verify identity name
if (!m_config.m_caItem.m_caPrefix.isPrefixOf(clientCert->getIdentity())
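Review bot: The salt length is written as a bare `32` in `std::array<uint8_t, 32> salt;` here and again in both encodeDataContent signatures, the decodeDataContent local and the DecodedData field, so the wire-format size can drift apart between CA, encoder and decoder. A single alias in the encoder header, for example `using HkdfSalt = std::array<uint8_t, 32>;`, used at every site would keep them in agreement. `salt` is also declared without an initializer, and what `random::generateSecureBytes` does on failure is not visible in this hunk; if it can return without filling the buffer, confirm that path cannot reach `hkdf`. The enclosing function starts and ends outside the hunk.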
@@ -320,7 +321,7 @@
result.setName(request.getName());
result.setFreshnessPeriod(DEFAULT_DATA_FRESHNESS_PERIOD);
result.setContent(NewRenewRevokeEncoder::encodeDataContent(myEcdhPubKeyBase64,
- std::to_string(saltInt),
+ salt,
requestState,
m_config.m_caItem.m_supportedChallenges));
m_keyChain.sign(result, signingByIdentity(m_config.m_caItem.m_caPrefix));
diff --git a/src/detail/new-renew-revoke-encoder.cpp b/src/detail/new-renew-revoke-encoder.cpp
index ef67146..77717bd 100644
--- a/src/detail/new-renew-revoke-encoder.cpp
+++ b/src/detail/new-renew-revoke-encoder.cpp
@@ -74,13 +74,13 @@
}
Block
-NewRenewRevokeEncoder::encodeDataContent(const std::string& ecdhKey, const std::string& salt,
+NewRenewRevokeEncoder::encodeDataContent(const std::string& ecdhKey, const std::array<uint8_t, 32>& salt,
const CaState& request,
const std::list<std::string>& challenges)
{
Block response = makeEmptyBlock(ndn::tlv::Content);
response.push_back(makeStringBlock(tlv::EcdhPub, ecdhKey));
- response.push_back(makeStringBlock(tlv::Salt, salt));
+ response.push_back(makeBinaryBlock(tlv::Salt, salt.data(), salt.size()));
response.push_back(makeBinaryBlock(tlv::RequestId, request.m_requestId.data(), request.m_requestId.size()));
response.push_back(makeNonNegativeIntegerBlock(tlv::Status, static_cast<size_t>(request.m_status)));
for (const auto& entry: challenges) {
@@ -94,19 +94,24 @@
NewRenewRevokeEncoder::decodeDataContent(const Block& content)
{
content.parse();
- const auto& ecdhKey = readString(content.get(tlv::EcdhPub));
- const auto& salt = readString(content.get(tlv::Salt));
- uint64_t saltInt = std::stoull(salt);
const auto& requestStatus = static_cast<Status>(readNonNegativeInteger(content.get(tlv::Status)));
+ const auto& ecdhKey = readString(content.get(tlv::EcdhPub));
+
+ const auto& saltBlock = content.get(tlv::Salt);
+ std::array<uint8_t, 32> salt;
+ std::memcpy(salt.data(), saltBlock.value(), saltBlock.value_size());
+
+ const auto& requestIdBlock = content.get(tlv::RequestId);
RequestID requestId;
- std::memcpy(requestId.data(), content.get(tlv::RequestId).value(), content.get(tlv::RequestId).size());
+ std::memcpy(requestId.data(), requestIdBlock.value(), requestIdBlock.value_size());
+
std::list<std::string> challenges;
for (auto const& element : content.elements()) {
if (element.type() == tlv::Challenge) {
challenges.push_back(readString(element));
}
}
- return DecodedData{ecdhKey, saltInt, requestId, requestStatus, challenges};
+ return DecodedData{ecdhKey, salt, requestId, requestStatus, challenges};
}
} // namespace ndncert
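Review bot: Both `std::memcpy` calls in decodeDataContent copy `value_size()` bytes, a length taken from the received TLV, into fixed-size stack objects (`salt` is 32 bytes, `requestId` is a `RequestID`) without comparing the lengths. An over-long Salt or RequestId element therefore writes past the destination, and a short one leaves the tail of `salt` indeterminate when it is returned and later fed to key derivation. Each length should be checked against the destination's `size()` before copying, and the content rejected on mismatch. The exception type in the fence is a stand-in; use whichever decode error the callers already handle. The function's return-type line sits above the hunk.

```cpp
  // … unchanged: status, ecdhKey, saltBlock lookup …
  std::array<uint8_t, 32> salt;
  if (saltBlock.value_size() != salt.size()) {
    throw std::runtime_error("Salt TLV has unexpected length");
  }
  std::memcpy(salt.data(), saltBlock.value(), salt.size());

  // … unchanged: requestIdBlock lookup …
  RequestID requestId;
  if (requestIdBlock.value_size() != requestId.size()) {
    throw std::runtime_error("RequestId TLV has unexpected length");
  }
  std::memcpy(requestId.data(), requestIdBlock.value(), requestId.size());
  // … unchanged: challenge list and return …
```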
diff --git a/src/detail/new-renew-revoke-encoder.hpp b/src/detail/new-renew-revoke-encoder.hpp
index 8b083d6..72194db 100644
--- a/src/detail/new-renew-revoke-encoder.hpp
+++ b/src/detail/new-renew-revoke-encoder.hpp
@@ -36,13 +36,13 @@
decodeApplicationParameters(const Block& block, RequestType requestType, std::string& ecdhPub, shared_ptr<security::Certificate>& certRequest);
static Block
- encodeDataContent(const std::string& ecdhKey, const std::string& salt,
+ encodeDataContent(const std::string& ecdhKey, const std::array<uint8_t, 32>& salt,
const CaState& request,
const std::list<std::string>& challenges);
struct DecodedData {
std::string ecdhKey;
- uint64_t salt;
+ std::array<uint8_t, 32> salt;
RequestID requestId;
Status requestStatus;
std::list<std::string> challenges;