From ec32181d03f9c34708a7605c724a36fd91364f9b Mon Sep 17 00:00:00 2001
From: Krzysztof Jackiewicz
Date: Tue, 29 Jan 2019 15:56:52 +0100
Subject: Add helper randomization function in key-provider.cpp
Change-Id: I657ac68ce8e9253ca63187132eef3fb769d8426a
---
 src/manager/service/key-provider.cpp | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)
diff --git a/src/manager/service/key-provider.cpp b/src/manager/service/key-provider.cpp
index 0ed59cc5..aea5c9b5 100644
--- a/src/manager/service/key-provider.cpp
+++ b/src/manager/service/key-provider.cpp
@@ -162,6 +162,13 @@ KeyData makePKEK2(const uint8_t *domainKEK, const std::string &user)
 return key;
 }
+
+template
+bool randomize(uint8_t (&array)[N])
+{
+ return RAND_bytes(array, N) == 1;
+}
+
 } // anonymous namespace
 WrappedKeyAndInfoContainer::WrappedKeyAndInfoContainer()
@@ -425,8 +432,7 @@ RawBuffer KeyProvider::generateDEK(const ClientId &client)
 uint8_t key[MAX_KEY_SIZE];
- if (!RAND_bytes(key, m_kmcDKEK->getKeyAndInfo().keyInfo.keyLength) ||
- !RAND_bytes(wkmcDEK.getWrappedKeyAndInfo().keyInfo.iv, MAX_IV_SIZE))
+ if (!randomize(key) || !randomize(wkmcDEK.getWrappedKeyAndInfo().keyInfo.iv))
 ThrowErr(Exc::InternalError, "OPENSSL_ENGINE_ERROR");
 KeyData PKEK2 = makePKEK2(m_kmcDKEK->getKeyAndInfo().key, resized_client);
@@ -512,10 +518,11 @@ RawBuffer KeyProvider::generateDomainKEK(
 wkmcDKEK.setKeyInfoClient(user);
- if (!RAND_bytes(wkmcDKEK.getWrappedKeyAndInfo().keyInfo.salt, MAX_SALT_SIZE) ||
- !RAND_bytes(key, MAX_KEY_SIZE) ||
- !RAND_bytes(wkmcDKEK.getWrappedKeyAndInfo().keyInfo.iv, MAX_IV_SIZE))
+ if (!randomize(wkmcDKEK.getWrappedKeyAndInfo().keyInfo.salt) ||
+ !randomize(key) ||
+ !randomize(wkmcDKEK.getWrappedKeyAndInfo().keyInfo.iv)) {
 ThrowErr(Exc::InternalError, "OPENSSL_ENGINE_ERROR");
+ }
 KeyData PKEK1 = makePKEK1(wkmcDKEK.getWrappedKeyAndInfo().keyInfo, userPassword);
--
cgit v1.2.3
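Review bot: The new `randomize` helper has no comment, and it passes the array bound `N` to `RAND_bytes`, whose length parameter is an `int`, through an implicit, unchecked conversion. The template parameter list is not visible on this page, so `N` is assumed to be the deduced array length. A `static_assert(N <= INT_MAX, "buffer too large for RAND_bytes");` inside the helper would make that bound explicit. The helper also deserves a short comment, for example `// Fills the whole array from the OpenSSL RNG; true only when RAND_bytes returns 1, so 0 and -1 both count as failure.`, because the `== 1` comparison is stricter than the `!RAND_bytes(...)` checks it replaces and a later edit could loosen it without noticing.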
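Review bot: In generateDEK, `randomize(key)` now fills all of `key[MAX_KEY_SIZE]`, where the removed line filled only `m_kmcDKEK->getKeyAndInfo().keyInfo.keyLength` bytes, and the commit message does not mention this change. The code that consumes `key` lies outside the hunk, so it is worth confirming that nothing depends on the old length and adding a comment such as `// randomize() fills all MAX_KEY_SIZE bytes, not just keyInfo.keyLength`. In generateDomainKEK (third hunk) the lengths likewise come from the array types now, which assumes `keyInfo.salt`, `key` and `keyInfo.iv` are declared with MAX_SALT_SIZE, MAX_KEY_SIZE and MAX_IV_SIZE; those declarations are not visible here. As a style point, the `if` in generateDEK stays unbraced while the third hunk adds braces to the same pattern.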