return key;
}
+/**
+ * Try to decrypt the given blob using the given password and pkcs5 object.
+ */
+static private_key_t *decrypt_private_key_pw(key_type_t type, pkcs5_t *pkcs5,
+ chunk_t blob, chunk_t password)
+{
+ private_key_t *private_key;
+ chunk_t decrypted;
+
+ if (!pkcs5->decrypt(pkcs5, password, blob, &decrypted))
+ {
+ return NULL;
+ }
+ /* do a quick check to validate whether the password was correct */
+ if (!is_asn1(decrypted))
+ {
+ chunk_clear(&decrypted);
+ return NULL;
+ }
+ private_key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY,
+ type, BUILD_BLOB_ASN1_DER,
+ decrypted, BUILD_END);
+ chunk_clear(&decrypted);
+ return private_key;
+}
+
/**
* Try to decrypt the given blob with multiple passwords using the given
* pkcs5 object.
{
enumerator_t *enumerator;
shared_key_t *shared;
- private_key_t *private_key = NULL;
+ private_key_t *private_key;
+
+ private_key = decrypt_private_key_pw(type, pkcs5, blob, chunk_empty);
+ if (private_key)
+ {
+ return private_key;
+ }
enumerator = lib->credmgr->create_shared_enumerator(lib->credmgr,
SHARED_PRIVATE_KEY_PASS, NULL, NULL);
while (enumerator->enumerate(enumerator, &shared, NULL, NULL))
{
- chunk_t decrypted;
-
- if (!pkcs5->decrypt(pkcs5, shared->get_key(shared), blob, &decrypted))
- {
- continue;
- }
- /* do a quick check to validate whether the password was correct */
- if (!is_asn1(decrypted))
- {
- chunk_clear(&decrypted);
- continue;
- }
- private_key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY,
- type, BUILD_BLOB_ASN1_DER,
- decrypted, BUILD_END);
+ private_key = decrypt_private_key_pw(type, pkcs5, blob,
+ shared->get_key(shared));
if (private_key)
{
- chunk_clear(&decrypted);
break;
}
- chunk_free(&decrypted);
}
enumerator->destroy(enumerator);
-
return private_key;
}