Cryptography Reference
In-Depth Information
return 0;
}
parse_pkcs8_private_key( &private_key, buffer, buffer_length, “password” );
free( buffer );
// Skip over the two length bytes, since length is already known anyway
premaster_secret_length = rsa_decrypt( read_pos + 2, pdu_length - 2,
&premaster_secret, &private_key );
if ( premaster_secret_length <= 0 )
{
fprintf( stderr, “Unable to decrypt premaster secret.\n” );
return NULL;
}
free_huge( private_key.modulus );
free_huge( private_key.exponent );
free( private_key.modulus );
free( private_key.exponent );
// Now use the premaster secret to compute the master secret. Don't forget
// that the first two bytes of the premaster secret are the version 0x03 0x01
// These are part of the premaster secret (8.1.1 states that the premaster
// secret for RSA is exactly 48 bytes long).
compute_master_secret( premaster_secret, MASTER_SECRET_LENGTH, parameters );
calculate_keys( parameters );
return read_pos + pdu_length;
}
This should be easy to follow. The private key is loaded into memory and
parsed; the private key is then used to decrypt the premaster secret. Of course,
the same points about storing and buffering the private key apply here as they
did to the certifi cate in the previous section.
The master secret computation and key calculation are almost identical on
the server side as on the client side. The only difference is that, now, as the
server, the read and write keys are reversed. Because you want to go ahead and
use the exact same
tls_send
and
tls_recv
functions as before, remember that
tls_send
is looking for the write key, and
tls_recv
is looking for the read key.
This means that you have to add a check in
calculate_keys
to determine if the
current process is the client or the server and adjust accordingly in Listing 7-19.
Listing 7-19:
“tls.c” calculate_keys with server support
static void calculate_keys( TLSParameters *parameters )
{
…
if ( parameters->connection_end == connection_end_client )
Search WWH ::
Custom Search