Closed iaik-jheher closed 6 days ago
This also affects CustomLabel
. I suspect that language similar to RFC 8446's section 3.4 is missing.
@iaik-jheher Thank you for pointing this out! This has been addressed in #471 , please take a look and let me know if this looks good.
Looks good to me!
Closed by #471
CleartextCredentials is specified as:
An instance of
CleartextCredentials
is then concatenated with the envelope nonce to generate theauth_tag
:However, the document does not specify anywhere how to serialize a
CleartextCredentials
structure to bytes. As opposed to every other structure in the document, which has fixed field lengths (and can simply be serialized by concatenating the fields),CleartextCredentials
has two fields with dynamic lengths. It is not immediately obvious how it should be serialized.I was able to make an educated guess (based on the length constraint) that
CleartextCredentials
should be serialized as:Which also then matches the provided test vectors. Nevertheless, this should be specified in the document.