Chapter 6 Symmetric-Key Operations 193
Block Ciphers
Use a random number generator to create 10 bytes:
It is a good idea to zeroize any sensitive data after leaving the
do-while. In fact, you
may want to zeroize the memory and free it up immediately after you set the key. To
do so, first free the memory using
T_free, then reset rc5KeyItem.data to NULL_PTR
and duplicate the following sequence after the
do-while. If there is an error inside the
do-while before you zeroize and free, you will still perform this important task; if
there is no error, by resetting to
NULL_PTR, you ensure that the code after the do-while
will not create havoc:
typedef struct {
unsigned char *data;
unsigned int len;
} ITEM;
ITEM rc5KeyItem;
rc5KeyItem.data = NULL_PTR;
rc5KeyItem.len = 10;
rc5KeyItem.data = T_malloc (rc5KeyItem.len);
if ((status = (rc5KeyItem.data == NULL_PTR)) != 0)
break;
if ((status = B_GenerateRandomBytes
(randomAlgorithm, rc5KeyItem.data, rc5KeyItem.len,
(A_SURRENDER_CTX *)NULL_PTR)) != 0)
break;
if ((status = B_SetKeyInfo
(rc5Key, KI_Item, (POINTER)&rc5KeyItem)) != 0)
break;
if (rc5KeyItem.data != NULL_PTR) {
T_memset (rc5KeyItem.data, 0, rc5KeyItem.len);
T_free (rc5KeyItem.data);
rc5KeyItem.data = NULL_PTR;
rc5KeyItem.len = 0;
};
