From 03db58c0073ee2eeb1acc2ef27a570ba6f43e7ff Mon Sep 17 00:00:00 2001
From: Kevin Lewi <klewi@fb.com>
Date: Tue, 19 Nov 2024 14:42:20 -0800
Subject: [PATCH] Adding missing encodings for CleartextCredentials and
 CustomLabel

---
 draft-irtf-cfrg-opaque.md | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/draft-irtf-cfrg-opaque.md b/draft-irtf-cfrg-opaque.md
index d0e3661..86bc507 100644
--- a/draft-irtf-cfrg-opaque.md
+++ b/draft-irtf-cfrg-opaque.md
@@ -697,7 +697,14 @@ def Store(randomized_password, server_public_key,
     CreateCleartextCredentials(server_public_key, client_public_key,
                                server_identity, client_identity)
   auth_tag =
-    MAC(auth_key, concat(envelope_nonce, cleartext_credentials))
+    MAC(auth_key, concat(
+      envelope_nonce,
+      server_public_key,
+      I2OSP(len(cleartext_credentials.server_identity), 2),
+      cleartext_credentials.server_identity,
+      I2OSP(len(cleartext_credentials.client_identity), 2),
+      cleartext_credentials.client_identity
+    ))
 
   envelope = Envelope {
     envelope_nonce,
@@ -1586,7 +1593,7 @@ Expand-Label(Secret, Label, Context, Length) =
     Expand(Secret, CustomLabel, Length)
 ~~~
 
-Where CustomLabel is specified as:
+Where CustomLabel is specified and encoded (following Section 3.4 of {{?RFC8446}}) as:
 
 ~~~
 struct {