Cryptography Reference
In-Depth Information
Following the validity period is the subject name; this is parsed using the
same routine as the issuer name.
Finally, it's time to parse the element you've been waiting this whole time
to see — the public key itself, which is the one piece of information that you
can't complete a secure key exchange without. Because the designers of the
X.509 structure wanted to leave room for arbitrary public encryption algo-
rithms, the structure is a bit more complex than you might expect; the public
key node starts with an OID that indicates what to do with the rest. For now,
to keep things relatively simple, just look at the RSA specifi cation.
The element following the algorithm identifi er OID is a bit string. This bit
string is itself an ASN.1 DER-encoded value and must be parsed. Its contents
vary depending on the algorithm. For RSA, the contents are a single sequence
containing two integers — the fi rst is the public exponent and the second is the
modulus (of course, the private exponent is not included).
RSA public key info parsing is shown in Listing 5-19.
Listing 5-19:
“x509.c” parse_public_key_info
static const unsigned char OID_RSA[] =
{ 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01 };
static int parse_public_key_info( public_key_info *target,
struct asn1struct *source )
{
struct asn1struct *oid;
struct asn1struct *public_key;
struct asn1struct public_key_value;
oid = source->children->children;
public_key = source->children->next;
// The public key is a bit string encoding yet another ASN.1 DER-encoded
// value - need to parse *that* here
// Skip over the “0” byte in the public key.
if ( asn1parse( public_key->data + 1,
public_key->length - 1,
&public_key_value ) )
{
fprintf( stderr,
“Error; public key node is malformed (not ASN.1 DER-encoded)\n” );
return 5;
}
if ( !memcmp( oid->data, &OID_RSA, sizeof( OID_RSA ) ) )
{
target->algorithm = rsa;
parse_huge( target->rsa_public_key.modulus, public_key_value.children );
Search WWH ::
Custom Search