Block Ciphers

typedef struct { unsigned char *data; unsigned int len;

}ITEM;

Use a random number generator to create 10 bytes:

ITEM rc5KeyItem;

rc5KeyItem.data = NULL_PTR; rc5KeyItem.len = 10;

rc5KeyItem.data = T_malloc (rc5KeyItem.len);

if ((status = (rc5KeyItem.data == NULL_PTR)) != 0) break;

if ((status = B_GenerateRandomBytes (randomAlgorithm, rc5KeyItem.data, rc5KeyItem.len, (A_SURRENDER_CTX *)NULL_PTR)) != 0)

break;

if ((status = B_SetKeyInfo

(rc5Key, KI_Item, (POINTER)&rc5KeyItem)) != 0) break;

It is a good idea to zeroize any sensitive data after leaving the do-while. In fact, you may want to zeroize the memory and free it up immediately after you set the key. To do so, first free the memory using T_free, then reset rc5KeyItem.data to NULL_PTR and duplicate the following sequence after the do-while. If there is an error inside the do-whilebefore you zeroize and free, you will still perform this important task; if there is no error, by resetting to NULL_PTR, you ensure that the code after the do-whilewill not create havoc:

if (rc5KeyItem.data != NULL_PTR) {

T_memset (rc5KeyItem.data, 0, rc5KeyItem.len); T_free (rc5KeyItem.data);

rc5KeyItem.data = NULL_PTR; rc5KeyItem.len = 0;

};

C h a p t e r 6 S y m m e t r i c - K e y O p e r a t i o n s

1 9 3

Page 215
Image 215
RSA Security 5.2.2 manual Use a random number generator to create 10 bytes, Item rc5KeyItem, If rc5KeyItem.data != Nullptr