Use KDF better

We now send the secret_seed to the skm variable, while sending the counter salt to the xts variable. I have not check this with http://eprint.iacr.org/2010/264 but it seems correct. Indeed rsa_blinding_key_derive places the strong source of randomness in skm too, and uses a constant string for xts.
2016-08-08 12:43:59 +02:00 · 2016-08-08 12:43:59 +02:00 · cdcd67a27d
commit cdcd67a27d
parent 7958464696
1 changed files with 2 additions and 2 deletions
--- a/src/util/crypto.c
+++ b/src/util/crypto.c
@ -187,10 +187,10 @@ TALER_setup_fresh_coin (const struct TALER_TransferSecretP *secret_seed,
  GNUNET_assert (GNUNET_OK ==
                 GNUNET_CRYPTO_kdf (fc,
                                    sizeof (*fc),
-                                    secret_seed,
-                                    sizeof (*secret_seed),
                                    &be_salt,
                                    sizeof (be_salt),
+                                    secret_seed,
+                                    sizeof (*secret_seed),
                                    "taler-coin-derivation",
                                    strlen ("taler-coin-derivation"),
                                    NULL, 0));