Closed chris-wood closed 2 years ago
The signature is currently:
struct { uint16_t token_type = 0x0003; uint8_t token_key_id; uint8_t issuer_encap_key_id[32]; uint8_t encrypted_token_request<1..2^16-1>; uint8_t request_signature[Nsig]; // signature over concat(token_type, token_key_id, issuer_encap_key_id, enc_token_req without length prefix) } TokenRequest;
But we should do:
struct { uint16_t token_type = 0x0003; uint8_t token_key_id; uint8_t issuer_encap_key_id[32]; uint8_t encrypted_token_request<1..2^16-1>; uint8_t request_signature[Nsig]; // sign everything above verbatim } TokenRequest;
It's just good practice to sign everything and it costs us nothing to do so.
The signature is currently:
But we should do:
It's just good practice to sign everything and it costs us nothing to do so.