What is wrong with this RSA encryption code?

Question

0.00/5 (No votes)

See more:

The code executes successfully, but a quick look at the files generated shows the succeeding results. What am I getting wrong?

C++

// SaveAppData.cpp : Defines the entry point for the console application.
#define _CRT_RAND_S
#include <cstdlib>
#include <stdio.h>
#include <string.h>
#include <math.h>
#include "openssl/constant_time_locl.h"//This header file has to be manually got and put in openssl folder
#include "openssl/cryptlib.h"//This header file has to be manually got and put in openssl folder
#include "openssl/bn.h"
#include "openssl/rsa.h"
#include "openssl/pem.h"
#include "openssl/err.h"
#include "openssl/evp.h"
#include "openssl/rand.h"
#include "openssl/sha.h"
#include "Header.h"


#define LOG(x) 3.32 * log10(x)
#define ENTROPY(x) -(x * LOG(x))

#define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1                 153


const int KEY_LENGTH = 4096;
const int PUB_EXP = RSA_F4;

const int BUFFER_LENGTH = 256;
unsigned int uiTable[BUFFER_LENGTH];

double Analyze(int iDataNum);
void ReadData(unsigned char *pData, int iLength);
int GenerateRandomString(char *pszString,int nLength);
double FindEntropy(unsigned char *pData, int iDataNum);

int main(int argc,char *argv[])
{
	char *pszData =  "This is a test for me";
	char *pszDestinationFile = "TestFile";
	char *pszDestinationFile1 = "TestFile1";
	char szBuffer[256];
	BIGNUM *pBigNumber  = NULL;
	RSA * pKeyPair = NULL;

	BIO *pBioPub = NULL;
	char *pszPubKey = NULL;

	BIO *pBioPriv = NULL;
	char *pszPrivKey = NULL;
    unsigned char * pEncryptData = NULL;
	bool bSuccess = true;
	double dEntropy;

	if(!GenerateRandomString(szBuffer,255))
	{
		return 0;
	}

	dEntropy = FindEntropy((unsigned char *)szBuffer,strlen(szBuffer));

	pBigNumber = BN_new();
	if(!pBigNumber)
	{
		bSuccess =  0;
		goto Cleanup;
	}

	pKeyPair = RSA_new();
	if(!pKeyPair)
	{
		bSuccess =  0;
		goto Cleanup;
	}

	if(!BN_set_word(pBigNumber,PUB_EXP))
	{
		bSuccess =  0;
		goto Cleanup;
	}
	
	RAND_add(szBuffer,strlen(szBuffer),dEntropy);

	if(!RSA_generate_key_ex(pKeyPair,KEY_LENGTH,pBigNumber,NULL))
	{
		bSuccess =  0;
		goto Cleanup;
	}

	pBioPub = BIO_new(BIO_s_mem());
	PEM_write_bio_RSAPublicKey(pBioPub,pKeyPair);
	int  iPubKeyLen = BIO_pending(pBioPub);

	pszPubKey = new char [iPubKeyLen + 1];
	BIO_read(pBioPub,pszPubKey,iPubKeyLen);
	pszPubKey[iPubKeyLen] = '\0';

	FILE *fp = fopen(pszDestinationFile,"wb ,ccs = UTF-8");
	if(!fp)
	{
		bSuccess =  0;
		goto Cleanup;
	}
	if(!fwrite(pszPubKey,sizeof(char)* (iPubKeyLen + 1),1,fp))
	{
		bSuccess =  0;
		goto Cleanup;
	}
	fclose(fp);
	
	pEncryptData = new unsigned char [RSA_size(pKeyPair)];
	if(!RSA_private_encrypt(strlen(pszData) + 1,(unsigned char *)pszData,pEncryptData,pKeyPair,RSA_PKCS1_OAEP_PADDING))
	{
		bSuccess =  0;
		goto Cleanup;
	}

	fp = fopen(pszDestinationFile1,"wb ,ccs = UTF-8");
	if(!fp)
	{
		bSuccess =  0;
		goto Cleanup;
	}
	if(!fwrite(pEncryptData,RSA_size(pKeyPair),1,fp))
	{
		bSuccess =  0;
		goto Cleanup;
	}
	fclose(fp);

Cleanup:
	if(pBigNumber)
	{
		BN_free(pBigNumber);
	}
	
	if(pKeyPair)
	{
		RSA_free(pKeyPair);
	}

	if(pBioPub)
	{
		BIO_free_all(pBioPub);
	}

	if(pszPubKey)
	{
		delete [] pszPubKey;
	}
	if(pEncryptData)
	{
		delete [] pEncryptData;
	}
	
	return bSuccess;
}


double FindEntropy(unsigned char *pData, int iDataNum)
{
	memset(uiTable,0,sizeof(uiTable));

	ReadData(pData,iDataNum);
	double dEntropy = Analyze(iDataNum);

	return dEntropy;
}

void ReadData(unsigned char *pData, int iLength)
{
	int ch;

	for(int i = 0; i < iLength; i++)
	{
		ch = pData[i];
		uiTable[ch]++;
	}
}

double Analyze(int iDataNum)
{
	double dAccum = 0.0;
	double dFreq;
	register int z;

	for(z = 0; z < BUFFER_LENGTH; z++)
	{
		if(uiTable[z])
		{
			dFreq = (double) uiTable[z]/iDataNum;
			dAccum += (double) ENTROPY(dFreq);
		}
	}

	return dAccum;

}

int GenerateRandomString(char *pszString,int nLength)
{
	unsigned int iNumber;
	int iCount = 0;
			
	if(rand_s(&iNumber))
	{
		return 0;
	}
			
	 while(iCount < nLength)
	 {
		 int iChar = iNumber % 256;

		 if(isprint(iChar) && !isspace(iChar))
		 {
			 pszString[iCount] = (char)iChar;
			 iCount++;
		 }
		 if(rand_s(&iNumber))
		 {
			return 0;
		 }
	 }
	 
	 pszString[nLength] = '\0';

	 return 1;
}

Public Key file follows:

-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAnK/2DuuahdzthOQBL3d7fm8vWBMye7FHGSR8hceJUaAQUS21XweP
cGHJ9A6Z1B/V29hWqjtTAxy7yj3y/eo7J+hsKgR+FqCsErw77bHFbWDM3+wYnqVE
y0FjSKT0CHSX88LZ6l+0grf21gpBhpgcDWwEfptBMLz1ImQtR7sDqQQeUok6yNez
cy4rrDf4A0NVlVHtyVRkXoN9r2AfM81codtmYXnEcTaODmyrHYuJIHuOKNFAiPVd
nQwYY14V6N+KyBDUgGbJ52Iu6G+xN8fgzc0HVeLPRBrfx6uQ8fPYPso6q+6QfX4C
G75fkVIYLcSxivFWwziZqsni2UYVljayiFaPzGkNWeBqejTN6CnHnoJ15ZuP9791
X/UFjw/ihSYWqayDNtKvy79nN7YFv66oM090qqzgW6pMeqXHDmuqEDqZcD/7tcWf
RByR0MAiuoT2rUQ2jo0y21+Sh/+MhCNwjjoRnLa+lGdPESqW/2iR5XOWB31qfPJ/
9SxOnqratjy7Zkfwapxu8ahg22rRe5jWtj7wZ02aarWYuYy16T9Wgg2vUtaGYnqh
sWREaxp/F3ZuWUYIDnF8FJxKbNlweSjkWDRJwX5qsPh/5XhUCMGs69ZsBwSw4h0r
zoFq93+E0mmDNgjjhviLQlgbwfrjpJy2WpZIEZHsRCS51OEyCNXTm48CAwEAAQ==
-----END RSA PUBLIC KEY-----

Encrypted message follows:

ÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ

I dont think the above encrypted message can be the correct encrypted message.

Posted 1-Nov-15 18:03pm

Gbenbam

Add a Solution

Comments

Richard MacCutchan 2-Nov-15 5:02am

Anyone who puts that many goto statements in his code deserves a public flogging.

Gbenbam 7-Nov-15 16:25pm

Funny. I got somewhere on the web and modified it. I am not the cuprit.

Gbenbam 7-Nov-15 16:32pm

OK. I remember now. I added severe got statement of my own to for agreement with the former version.

So, can you suggest a better way to write the code without goto and still do clean up.

But, I think the code is still very readable even with that large number of goto. Or don't you think so?

Gbenbam 7-Nov-15 16:46pm

Ok. I'll rewrite it and without any goto statement.

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

bling · Answer 1 · 2015-11-02T11:45:00

Solution 1

RSA_private_encrypt returns -1 for error.

You may have other mistakes but that one stands out.

Posted 2-Nov-15 11:45am

bling