Add helper randomization function in key-provider.cpp

Change-Id: I657ac68ce8e9253ca63187132eef3fb769d8426a

diff --git a/src/manager/service/key-provider.cpp b/src/manager/service/key-provider.cpp
index 0ed59cc..aea5c9b 100644 (file)
--- a/src/manager/service/key-provider.cpp
+++ b/src/manager/service/key-provider.cpp
@@ -162,6 +162,13 @@ KeyData makePKEK2(const uint8_t *domainKEK, const std::string &user)
        return key;
 }
 
+
+template <size_t N>
+bool randomize(uint8_t (&array)[N])
+{
+       return RAND_bytes(array, N) == 1;
+}
+
 } // anonymous namespace
 
 WrappedKeyAndInfoContainer::WrappedKeyAndInfoContainer()
@@ -425,8 +432,7 @@ RawBuffer KeyProvider::generateDEK(const ClientId &client)
 
        uint8_t key[MAX_KEY_SIZE];
 
-       if (!RAND_bytes(key, m_kmcDKEK->getKeyAndInfo().keyInfo.keyLength) ||
-                       !RAND_bytes(wkmcDEK.getWrappedKeyAndInfo().keyInfo.iv, MAX_IV_SIZE))
+       if (!randomize(key) || !randomize(wkmcDEK.getWrappedKeyAndInfo().keyInfo.iv))
                ThrowErr(Exc::InternalError, "OPENSSL_ENGINE_ERROR");
 
        KeyData PKEK2 = makePKEK2(m_kmcDKEK->getKeyAndInfo().key, resized_client);
@@ -512,10 +518,11 @@ RawBuffer KeyProvider::generateDomainKEK(
 
        wkmcDKEK.setKeyInfoClient(user);
 
-       if (!RAND_bytes(wkmcDKEK.getWrappedKeyAndInfo().keyInfo.salt, MAX_SALT_SIZE) ||
-                       !RAND_bytes(key, MAX_KEY_SIZE) ||
-                       !RAND_bytes(wkmcDKEK.getWrappedKeyAndInfo().keyInfo.iv, MAX_IV_SIZE))
+       if (!randomize(wkmcDKEK.getWrappedKeyAndInfo().keyInfo.salt) ||
+           !randomize(key) ||
+           !randomize(wkmcDKEK.getWrappedKeyAndInfo().keyInfo.iv)) {
                ThrowErr(Exc::InternalError, "OPENSSL_ENGINE_ERROR");
+       }
 
        KeyData PKEK1 = makePKEK1(wkmcDKEK.getWrappedKeyAndInfo().keyInfo, userPassword);