I'm working on a project in which I have to encrypt and decrypt data (I know I should use SSL not only for encryption/decryption but also for transport, but I do not want that). Everything works when I use one key pair (public/private) for both sender and recipient (the recipient sends the answer back to the sender). But when I try to use two key pairs (sender with its own private key, recipient with its own private key; the sender then uses the recipient's public key to encrypt and vice versa), I get empty messages or garbage after decryption.
This is pretty weird; I do not understand it.
my main functions are:
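EVP_PKEY * ReadPublicKey(const char *certfile)
{
    // Load the PEM-encoded X.509 certificate in `certfile` and return its
    // public key. Returns NULL if the file cannot be opened or parsed.
    // The caller owns the returned EVP_PKEY.
    FILE *fp = fopen (certfile, "r");
    if (!fp) return NULL;
    X509 *x509 = PEM_read_X509(fp, NULL, 0, NULL);
    // Close on every path: the parse-failure branch previously returned
    // before fclose and leaked the FILE handle.
    fclose (fp);
    if (x509 == NULL) return NULL;
    EVP_PKEY *pkey = X509_extract_key(x509);
    X509_free(x509);
    return pkey;
}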


EVP_PKEY *ReadPrivateKey(const char *keyfile)
{
        // Read a PEM-encoded private key from `keyfile` (no passphrase
        // callback is supplied). Returns NULL if the file cannot be opened,
        // otherwise whatever PEM_read_PrivateKey yields (NULL on a parse
        // failure). The caller owns the returned key.
        FILE *fp = fopen(keyfile, "r");
        if (fp == NULL)
                return NULL;
        EVP_PKEY *key = PEM_read_PrivateKey(fp, NULL, 0, NULL);
        fclose(fp);
        return key;
}

Then the procedure cryptostart, which uses ReadPublicKey and ReadPrivateKey, stores the keys for further use.
Then I do something like this to encrypt and decrypt:
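char *networking::encrypt (char *data, int *len)
{
    // RSA-encrypt the NUL-terminated string `data` with the stored public
    // key `pub`, one PKCS#1 v1.5 block at a time. Each block carries up to
    // `payload` plaintext bytes plus the terminating NUL, so decrypt() can
    // treat every decrypted block as a C string.
    //
    // Returns a malloc'd buffer holding the concatenated ciphertext blocks
    // (binary data, NOT a C string) and writes its byte count to *len.
    // Returns NULL with *len = 0 if the key is unusably small, an allocation
    // fails, or RSA_public_encrypt reports an error. The caller frees it.
    const int z1 = EVP_PKEY_size (pub);   // ciphertext bytes per block
    const int payload = z1 - 21;          // plaintext bytes per block; +1 NUL stays within the z1-11 PKCS#1 limit
    *len = 0;
    if (payload <= 0)
        return NULL;

    // Every block of at most `payload` bytes becomes exactly z1 bytes, so
    // size the output for that worst case. The former strlen(data)*2 was far
    // too small for short inputs (a single block is already z1 bytes) and
    // overflowed the heap.
    const size_t total = strlen (data);
    const size_t blocks = (total + (size_t) payload - 1) / (size_t) payload;
    char *bufin = (char *) malloc ((size_t) z1 + 1);
    char *bufout = (char *) malloc ((size_t) z1 + 1);
    char *buf2 = (char *) malloc (blocks * (size_t) z1 + 1);
    if (!bufin || !bufout || !buf2)
      {
        free (bufin);
        free (bufout);
        free (buf2);
        return NULL;
      }

    int c2 = 0;   // read offset in data
    int c3 = 0;   // write offset in buf2
#ifdef _DEBUGME_
    printf("encrypting [");
    fflush(stdout);
#endif
    while (data[c2] != 0)
      {
        int c1;
        for (c1 = 0; c1 < payload && data[c2] != 0; c1++)
            bufin[c1] = data[c2++];
        bufin[c1] = 0;
        // c1 + 1 == strlen(bufin) + 1: the chunk plus its NUL terminator.
        const int ll = RSA_public_encrypt (c1 + 1, (unsigned char *) bufin,
                                           (unsigned char *) bufout, pub->pkey.rsa,
                                           RSA_PKCS1_PADDING);
        // -1 means the encryption failed; the old code copied `ll` bytes
        // regardless and silently produced garbage.
        if (ll < 0)
          {
            free (bufin);
            free (bufout);
            free (buf2);
            return NULL;
          }
#ifdef _DEBUGME_
        printf(".");
        fflush(stdout);
#endif
        memcpy (buf2 + c3, bufout, (size_t) ll);
        c3 += ll;
      }
#ifdef _DEBUGME_
    printf("]\n");
    fflush(stdout);
#endif
    free (bufin);
    free (bufout);
    buf2[c3] = 0;   // convenience terminator; the ciphertext itself may contain NULs, so rely on *len
    *len = c3;
    return buf2;
}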
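  char *networking::decrypt (char *data, int *len)
  {
    // RSA-decrypt `*len` bytes of ciphertext produced by encrypt() with the
    // stored private key `prv`, block by block, and reassemble the original
    // string (each decrypted block ends in the NUL encrypt() included).
    //
    // Returns a malloc'd NUL-terminated string and stores its length in
    // *len. Returns NULL with *len = 0 if the input length is not a whole
    // number of blocks, an allocation fails, or a block does not decrypt —
    // which is what happens when it was encrypted with a public key that
    // does not belong to `prv`. The caller frees the result.
    const int z1 = EVP_PKEY_size (prv);   // ciphertext bytes per block
    const int total = *len;
    *len = 0;
    // Every block is exactly z1 bytes; a trailing partial block would make
    // the memcpy below read past the end of `data`.
    if (z1 <= 0 || total < 0 || total % z1 != 0)
        return NULL;

    char *bufout = (char *) malloc ((size_t) z1 + 1);
    char *bufin = (char *) malloc ((size_t) z1 + 1);
    char *buf = (char *) malloc ((size_t) total + 1);   // plaintext is never longer than the ciphertext
    if (!bufout || !bufin || !buf)
      {
        free (bufout);
        free (bufin);
        free (buf);
        return NULL;
      }
    buf[0] = 0;
    int c1 = 0;       // read offset in data
    int c4 = total;   // bytes still to process
#ifdef _DEBUGME_
    printf("Decrypting [");
    fflush(stdout);
#endif
    while (c4 > 0)
      {
        memcpy (bufin, data + c1, (size_t) z1);
        const int n = RSA_private_decrypt (z1, (unsigned char *) bufin,
                                           (unsigned char *) bufout, prv->pkey.rsa,
                                           RSA_PKCS1_PADDING);
        // On a padding/key mismatch this returns -1 and leaves bufout
        // undefined; the old code strcat'ed it anyway, which is how a wrong
        // key shows up as empty or garbage output instead of an error.
        if (n < 0)
          {
            free (bufout);
            free (bufin);
            free (buf);
            return NULL;
          }
        bufout[n] = 0;   // n <= z1 - 11, so this stays inside the z1+1 buffer
#ifdef _DEBUGME_
        printf(".");
        fflush(stdout);
#endif
        strcat (buf, bufout);
        c1 += z1;
        c4 -= z1;
      }
#ifdef _DEBUGME_
    printf("]\n");
#endif
    free (bufout);
    free (bufin);
    *len = (int) strlen (buf);
    return buf;
  }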

-----------------
Once again I'd like to say that this works with one key pair but fails with two pairs (I mean I get no SIGSEGV signals and no compilation errors, but some functionality is missing).
(Oh, I modified Maurice Gittens' example.)


regards
Cyprian

--
The  paranoids'  way...   /    /       Networked Electronic
 ___  ___       ___  ___ (___ (  ___   Unit Responsible for
|   )|___)|   )|   )|   )|    | |      Online Troubleshooting
|  / |__  |__/ |    |__/ |__  | |__    and Intensive Calculation


