Cryptography Reference
In-Depth Information
fprintf( stderr, “Unsupported key encryption algorithm\n” );
asn1free( &pkcs8_key );
return 1;
}
// TODO support more algorithms
salt = encryptionId->next->children;
iteration_count = salt->next;
encrypted_key = pkcs8_key.children->next;
The same caveat about error checking from Chapter 5 applies here, although
at the very least, you're not dealing with data transmitted by some random
stranger over the Internet. A mistake here is likely to be user or programmer
error rather than a malicious attack.
Next, decrypt the encrypted private key structure following the PKCS #5
structure.
// ugly typecasting
counter = ntohs( *iteration_count->data );
// Since the passphrase can be any length, not necessarily 8 bytes,
// must use a digest here.
new_md5_digest( &initial_hash );
update_digest( &initial_hash, passphrase, strlen( passphrase ) );
update_digest( &initial_hash, salt->data, salt->length );
finalize_digest( &initial_hash );
memcpy( passphrase_hash_out, initial_hash.hash,
initial_hash.hash_len * sizeof( int ) );
while ( --counter )
{
memcpy( passphrase_hash_in, passphrase_hash_out,
sizeof( int ) * MD5_RESULT_SIZE );
// Since MD5 always outputs 8 bytes, input size is known; can
// use md5_hash directly in this case; no need for a digest.
md5_hash( passphrase_hash_in,
sizeof( int ) * MD5_RESULT_SIZE,
( unsigned int * ) passphrase_hash_out );
}
decrypted_key = ( unsigned char * ) malloc( encrypted_key->length );
des_decrypt( encrypted_key->data, encrypted_key->length, decrypted_key,
( unsigned char * ) passphrase_hash_out + DES_KEY_SIZE,
( unsigned char * ) passphrase_hash_out );
If PBE was used elsewhere in this program, this section might be useful to
extract as a separate function call; it's instead included inline here:
1. The initial hash is built as the concatenation of the passphrase, which was
passed as an argument to the function, and the salt, which was part of the
key fi le itself.
2. This hash is hashed over and over,
counter
times, to generate the keying
material.
Search WWH ::
Custom Search