Use KDF better

We now send the secret_seed to the skm variable, while sending the counter salt to the xts variable. I have not check this with http://eprint.iacr.org/2010/264 but it seems correct. Indeed rsa_blinding_key_derive places the strong source of randomness in skm too, and uses a constant string for xts.
author: Jeff Burdges <burdges@gnunet.org> 2016-08-08 12:43:59 +0200
committer: Jeff Burdges <burdges@gnunet.org> 2016-08-08 12:43:59 +0200
commit: cdcd67a27dc7da0016628782437e0c189b3e9782 (patch)
tree: 01fd86fa6bbed96e8b1e58d3f8cf620c38bcf5f3 /src
parent: 7958464696f6451252ff0ae5bc42716e2326f8c4 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/src/util/crypto.c b/src/util/crypto.c
index caeda3ff0..c1fd7da45 100644
--- a/src/util/crypto.c
+++ b/src/util/crypto.c
@@ -187,10 +187,10 @@ TALER_setup_fresh_coin (const struct TALER_TransferSecretP *secret_seed,
   GNUNET_assert (GNUNET_OK ==
                  GNUNET_CRYPTO_kdf (fc,
                                     sizeof (*fc),
-                                    secret_seed,
-                                    sizeof (*secret_seed),
                                     &be_salt,
                                     sizeof (be_salt),
+                                    secret_seed,
+                                    sizeof (*secret_seed),
                                     "taler-coin-derivation",
                                     strlen ("taler-coin-derivation"),
                                     NULL, 0));
author	Jeff Burdges <burdges@gnunet.org>	2016-08-08 12:43:59 +0200
committer	Jeff Burdges <burdges@gnunet.org>	2016-08-08 12:43:59 +0200
commit	cdcd67a27dc7da0016628782437e0c189b3e9782 (patch)
tree	01fd86fa6bbed96e8b1e58d3f8cf620c38bcf5f3 /src
parent	7958464696f6451252ff0ae5bc42716e2326f8c4 (diff)