Cryptography Reference
Finally, the decrypted data must be ASN.1 parsed. After parsing, double-check
that the OID really declares it as an RSA private key before passing it on to the
previously examined parse_private_key routine to extract the actual key value.
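// The last decrypted byte is the padding length; subtract it to get the
// length of the DER-encoded key.
asn1parse( decrypted_key,
           encrypted_key->length - decrypted_key[ encrypted_key->length - 1 ],
           &private_key );
free( decrypted_key );
key_type_oid = private_key.children->next->children;
// Note: this compares only key_type_oid->length bytes of the expected OID.
if ( memcmp( OID_RSAPrivateKey, key_type_oid->data, key_type_oid->length ) )
{
  fprintf( stderr, "Unsupported private key type" );
  asn1free( &pkcs8_key );
  asn1free( &private_key );
  // private_key has just been freed, so stop here instead of falling through.
  // (The return value is an assumption; the enclosing function is not shown.)
  return 1;
}
priv_key_data = private_key.children->next->next;
parse_private_key( privkey, priv_key_data->data, priv_key_data->length );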
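The OID check described above, as an added example that is not code from the book: a bounds-checked walk of the decrypted PKCS #8 PrivateKeyInfo that compares the algorithm OID by length and content, so an OID that is only a prefix of rsaEncryption is rejected where a memcmp over key_type_oid->length bytes alone would accept it. The names der_next, pkcs8_rsa_key and RSA_OID, and both sample byte arrays, are assumptions constructed for this example.

```c
#include <stddef.h>
#include <string.h>

/* DER content bytes of OID 1.2.840.113549.1.1.1 (rsaEncryption). */
static const unsigned char RSA_OID[] =
    { 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01 };

/* Constructed samples: version 0, AlgorithmIdentifier, placeholder key. */
static const unsigned char SAMPLE_RSA[] = {
    0x30, 0x16, 0x02, 0x01, 0x00, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48,
    0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x02, 0x30, 0x00 };
/* Same, but the OID is only the 8-byte prefix 1.2.840.113549.1.1. */
static const unsigned char SAMPLE_PREFIX[] = {
    0x30, 0x15, 0x02, 0x01, 0x00, 0x30, 0x0C, 0x06, 0x08, 0x2A, 0x86, 0x48,
    0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05, 0x00, 0x04, 0x02, 0x30, 0x00 };

/* Read one DER element of the expected tag from [*p, end). On success
 * report its contents and advance *p past it. Lengths up to 65535. */
static int der_next(const unsigned char **p, const unsigned char *end,
                    unsigned char tag, const unsigned char **val, size_t *vlen)
{
    const unsigned char *q = *p;
    size_t len, n;
    if (end - q < 2 || q[0] != tag) return -1;
    len = q[1]; q += 2;
    if (len & 0x80) {                       /* long-form length */
        n = len & 0x7F;
        if (n == 0 || n > 2 || (size_t)(end - q) < n) return -1;
        for (len = 0; n--; ) len = (len << 8) | *q++;
    }
    if ((size_t)(end - q) < len) return -1;
    *val = q; *vlen = len; *p = q + len;
    return 0;
}

/* 1: declares RSA, *key is the RSAPrivateKey DER; 0: other; -1: malformed. */
int pkcs8_rsa_key(const unsigned char *der, size_t len,
                  const unsigned char **key, size_t *key_len)
{
    const unsigned char *p = der, *end, *alg, *v;
    size_t blen, alen, vlen;
    if (der_next(&p, der + len, 0x30, &v, &blen)) return -1;
    p = v; end = v + blen;
    if (der_next(&p, end, 0x02, &v, &vlen) ||        /* version */
        der_next(&p, end, 0x30, &alg, &alen) ||      /* AlgorithmIdentifier */
        der_next(&p, end, 0x04, key, key_len) ||     /* privateKey */
        der_next(&alg, alg + alen, 0x06, &v, &vlen)) /* algorithm OID */
        return -1;
    return vlen == sizeof RSA_OID && memcmp(v, RSA_OID, vlen) == 0;
}
```

A caller should treat both 0 and -1 as fatal and release the parsed structures without touching the key data.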
Completing the Key Exchange
Now that you can read a stored private key from disk, whether it's stored
unencrypted or in the standardized PKCS #8 format (they're also sometimes stored
in PKCS #12 format, which isn't examined here), you can complete the key
exchange, as shown in Listing 7-18.
Listing 7-18: “tls.c” parse_client_key_exchange
/**
 * By the time this is called, "read_pos" points at an RSA encrypted (unless
 * RSA isn't used for key exchange) premaster secret. All this routine has to
 * do is decrypt it. See "privkey.c" for details.
 * TODO expand this to support Diffie-Hellman key exchange
 */
static unsigned char *parse_client_key_exchange( unsigned char *read_pos,
                                                 int pdu_length,
                                                 TLSParameters *parameters )
{
  int premaster_secret_length;
  unsigned char *buffer;
  int buffer_length;
  unsigned char *premaster_secret;
  rsa_key private_key;
  // TODO make this configurable
  // XXX this really really should be buffered
  if ( !( buffer = load_file_into_memory( "key.pkcs8", &buffer_length ) ) )
  {
    perror( "Unable to load file" );
(Continued)
 