change salt to 32-byte array
Change-Id: I2c0a378feee555f1c8108b142c40967f382c0d24
diff --git a/src/ca-module.cpp b/src/ca-module.cpp
index 5e6c40f..98fb2ab 100644
--- a/src/ca-module.cpp
+++ b/src/ca-module.cpp
@@ -229,10 +229,11 @@
return;
}
// generate salt for HKDF
- auto saltInt = random::generateSecureWord64();
+ std::array<uint8_t, 32> salt;
+ random::generateSecureBytes(salt.data(), salt.size());
// hkdf
uint8_t aesKey[AES_128_KEY_LEN];
- hkdf(ecdh.m_sharedSecret, ecdh.m_sharedSecretLen, (uint8_t*)&saltInt, sizeof(saltInt), aesKey, sizeof(aesKey));
+ hkdf(ecdh.m_sharedSecret, ecdh.m_sharedSecretLen, salt.data(), salt.size(), aesKey, sizeof(aesKey));
// verify identity name
if (!m_config.m_caItem.m_caPrefix.isPrefixOf(clientCert->getIdentity())
@@ -320,7 +321,7 @@
result.setName(request.getName());
result.setFreshnessPeriod(DEFAULT_DATA_FRESHNESS_PERIOD);
result.setContent(NewRenewRevokeEncoder::encodeDataContent(myEcdhPubKeyBase64,
- std::to_string(saltInt),
+ salt,
requestState,
m_config.m_caItem.m_supportedChallenges));
m_keyChain.sign(result, signingByIdentity(m_config.m_caItem.m_caPrefix));