Block Ciphers

typedef struct { unsigned char *data; unsigned int len;

}ITEM;

Use a random number generator to come up with 24 bytes.

ITEM rc2KeyItem;

rc2KeyItem.len = 24;

rc2KeyItem.data = T_malloc (rc2KeyItem.len);

if ((status = (rc2KeyItem.data == NULL_PTR)) != 0) break;

/* Complete steps 1 - 4 of Generating Random Numbers, then call B_GenerateRandomBytes. */

if ((status = B_GenerateRandomBytes (randomAlgorithm, rc2KeyItem.data, rc2KeyItem.len, (A_SURRENDER_CTX *)NULL_PTR)) != 0)

break;

if ((status = B_SetKeyInfo

(rc2Key, KI_Item, (POINTER)&rc2KeyItem)) != 0) break;

It is a good idea to zeroize any sensitive data after leaving the do-while. In fact, you may want to zeroize the memory and free it up immediately after setting the key. To do so, first free the memory using T_free, then reset rc2KeyItem.data to NULL_PTR, duplicating the following sequence after the do-while. If there is an error inside the do-while, you will still zeroize and free sensitive data; if there is no error, you have reset to NULL_PTR, and the code after the do-whilewill not create havoc.

if (rc2KeyItem.data != NULL_PTR) {

T_memset (rc2KeyItem.data, 0, rc2KeyItem.len); T_free (rc2KeyItem.data);

rc2KeyItem.data = NULL_PTR; rc2KeyItem.len = 0;

}

C h a p t e r 6 S y m m e t r i c - K e y O p e r a t i o n s

1 8 7

Page 209
Image 209
RSA Security 5.2.2 manual Use a random number generator to come up with 24 bytes, If rc2KeyItem.data != Nullptr