authorTor Brede Vekterli <vekterli@yahooinc.com>2022-11-01 13:44:42 +0100
committerTor Brede Vekterli <vekterli@yahooinc.com>2022-11-01 14:43:54 +0100
commitf59b56ae4b8fafc67ec1828f03ce3178afaf037d (patch)
tree37be6e743672efbd4816ad39cb05ab46cad66e0a /node-admin
parent43803ae25a68b4708f5846b7021e1dc3b68a82c6 (diff)
Let token key IDs be UTF-8 byte strings instead of just an integer
This makes key IDs vastly more expressive. Max size is 255 bytes, and UTF-8 form is enforced by checking that the byte sequence can be identity-transformed to and from a string with UTF-8 encoding. In addition, we now protect the integrity of the key ID by supplying it as the AAD parameter to the key sealing and opening operations. Reduce v1 token max length of `enc` part to 255, since this is always an X25519 public key, which is never bigger than 32 bytes (but may be _less_ if the random `BigInteger` is small enough, so we still have to encode the length).
Diffstat (limited to 'node-admin')
-rw-r--r--node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/maintenance/coredump/CoredumpHandlerTest.java2
1 files changed, 1 insertions, 1 deletions
diff --git a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/maintenance/coredump/CoredumpHandlerTest.java b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/maintenance/coredump/CoredumpHandlerTest.java
index 3906c13c4a4..be4ee657292 100644
--- a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/maintenance/coredump/CoredumpHandlerTest.java
+++ b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/maintenance/coredump/CoredumpHandlerTest.java
@@ -299,7 +299,7 @@ public class CoredumpHandlerTest {
private static SecretSharedKey makeFixedSecretSharedKey() {
byte[] keyBytes = bytesOf("very secret yes!"); // 128 bits
var secretKey = new SecretKeySpec(keyBytes, "AES");
- int keyId = 123;
+ byte[] keyId = bytesOf("the shiniest key");
// We don't parse any of these fields in the test, so just use dummy contents.
byte[] enc = bytesOf("hello world");
byte[] ciphertext = bytesOf("imaginary ciphertext");
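Review bot: The existing comment `// We don't parse any of these fields in the test, so just use dummy contents.` sits below the changed `keyId` line, so a reader cannot tell whether the new byte-string key ID is also free-form. Per the commit description, key IDs must now be valid UTF-8 of at most 255 bytes and are bound to the sealed key as AAD. Assuming the token or key constructor enforces that (the check is not visible in this hunk), an arbitrary byte array would not be accepted here. I would add a comment above the changed line, for example `// Key ID must be valid UTF-8 and at most 255 bytes; the value itself is arbitrary in this test.` The body of `makeFixedSecretSharedKey` continues past the end of the hunk.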