From cdcd67a27dc7da0016628782437e0c189b3e9782 Mon Sep 17 00:00:00 2001 From: Jeff Burdges Date: Mon, 8 Aug 2016 12:43:59 +0200 Subject: [PATCH] Use KDF better We now send the secret_seed to the skm variable, while sending the counter salt to the xts variable. I have not check this with http://eprint.iacr.org/2010/264 but it seems correct. Indeed rsa_blinding_key_derive places the strong source of randomness in skm too, and uses a constant string for xts. --- src/util/crypto.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/util/crypto.c b/src/util/crypto.c index caeda3ff0..c1fd7da45 100644 --- a/src/util/crypto.c +++ b/src/util/crypto.c @@ -187,10 +187,10 @@ TALER_setup_fresh_coin (const struct TALER_TransferSecretP *secret_seed, GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_kdf (fc, sizeof (*fc), - secret_seed, - sizeof (*secret_seed), &be_salt, sizeof (be_salt), + secret_seed, + sizeof (*secret_seed), "taler-coin-derivation", strlen ("taler-coin-derivation"), NULL, 0));