aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeff Burdges <burdges@gnunet.org>2016-08-08 12:43:59 +0200
committerJeff Burdges <burdges@gnunet.org>2016-08-08 12:43:59 +0200
commitcdcd67a27dc7da0016628782437e0c189b3e9782 (patch)
tree01fd86fa6bbed96e8b1e58d3f8cf620c38bcf5f3
parent7958464696f6451252ff0ae5bc42716e2326f8c4 (diff)
Use KDF better
We now send the secret_seed to the skm variable, while sending the counter salt to the xts variable. I have not check this with http://eprint.iacr.org/2010/264 but it seems correct. Indeed rsa_blinding_key_derive places the strong source of randomness in skm too, and uses a constant string for xts.
-rw-r--r--src/util/crypto.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/src/util/crypto.c b/src/util/crypto.c
index caeda3ff0..c1fd7da45 100644
--- a/src/util/crypto.c
+++ b/src/util/crypto.c
@@ -187,10 +187,10 @@ TALER_setup_fresh_coin (const struct TALER_TransferSecretP *secret_seed,
GNUNET_assert (GNUNET_OK ==
GNUNET_CRYPTO_kdf (fc,
sizeof (*fc),
- secret_seed,
- sizeof (*secret_seed),
&be_salt,
sizeof (be_salt),
+ secret_seed,
+ sizeof (*secret_seed),
"taler-coin-derivation",
strlen ("taler-coin-derivation"),
NULL, 0));