From cdcd67a27dc7da0016628782437e0c189b3e9782 Mon Sep 17 00:00:00 2001
From: Jeff Burdges <burdges@gnunet.org>
Date: Mon, 8 Aug 2016 12:43:59 +0200
Subject: Use KDF better

We now send the secret_seed to the skm variable, while sending the
counter salt to the xts variable.  I have not check this with
http://eprint.iacr.org/2010/264 but it seems correct.

Indeed rsa_blinding_key_derive places the strong source of
randomness in skm too, and uses a constant string for xts.
---
 src/util/crypto.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'src/util')

diff --git a/src/util/crypto.c b/src/util/crypto.c
index caeda3ff0..c1fd7da45 100644
--- a/src/util/crypto.c
+++ b/src/util/crypto.c
@@ -187,10 +187,10 @@ TALER_setup_fresh_coin (const struct TALER_TransferSecretP *secret_seed,
   GNUNET_assert (GNUNET_OK ==
                  GNUNET_CRYPTO_kdf (fc,
                                     sizeof (*fc),
-                                    secret_seed,
-                                    sizeof (*secret_seed),
                                     &be_salt,
                                     sizeof (be_salt),
+                                    secret_seed,
+                                    sizeof (*secret_seed),
                                     "taler-coin-derivation",
                                     strlen ("taler-coin-derivation"),
                                     NULL, 0));
-- 
cgit v1.2.3