Nytro Posted September 25, 2012

OpenSSL, RSA, AES, and C++

In my seemingly endless side project to implement RSA and AES encryption in my Alsa Server project, I wrote a while ago about doing simple RSA encryption with OpenSSL. Now, I'm here to say that I was doing it all wrong. In my first post about RSA encryption and OpenSSL my code was using the low level RSA functions when I should have been using the high level EVP (envelope) functions, which are much nicer to work with once you get the hang of them. Being that this code is eventually going to be merged into my Alsa server project, I went ahead and also implemented AES encryption/decryption and put everything in an easy to use C++ class. I assume that readers are familiar with encryption and OpenSSL terminology (things like IV, key lengths, public vs private keys, etc.). If not, look it up, since there are much better explanations out there, so why reinvent the wheel by explaining them here? Moving on. First up, since all the code presented is in various functions from a class (full listing is at the end), let's look at the class members and constructors first to understand where some of these variables are coming from. Below are all the class members.
I know, not exactly intuitive, but bear with me.

Header:

    #include <openssl/evp.h>
    #include <openssl/pem.h>
    #include <openssl/aes.h>
    #include <openssl/err.h>
    #include <stdio.h>
    #include <string>
    #include <string.h>

    #define DEBUG

    #ifdef DEBUG
        #define DEFAULT_RSA_KEYLEN 1024
        #define DEFAULT_AES_KEYLEN 128
        #define AES_ROUNDS 3
    #else
        #define DEFAULT_RSA_KEYLEN 2048
        #define DEFAULT_AES_KEYLEN 256
        #define AES_ROUNDS 6
    #endif

    #define PSUEDO_CLIENT

    #define SALT "alsa_channel_control"
    #define AES_KEY_PASS "alsa_channel_control"

    #define SUCCESS 0
    #define FAILURE -1

    #define KEY_SERVER_PRI 0
    #define KEY_SERVER_PUB 1
    #define KEY_CLIENT_PUB 2

    class ServerCrypto {
    public:
        ServerCrypto();
        ServerCrypto(unsigned char *clientPubKey, size_t clientPubKeyLen);
        ServerCrypto(unsigned char *clientPubKey, size_t clientPubKeyLen, size_t rsaKeyLen, size_t aesKeyLen);
        ~ServerCrypto();

        int rsaEncrypt(std::string msg, unsigned char **encMsg);
        int rsaEncrypt(const char *msg, size_t msgLen, unsigned char **encMsg);
        int aesEncrypt(std::string msg, unsigned char **encMsg);
        int aesEncrypt(const char *msg, size_t msgLen, unsigned char **encMsg);

        std::string rsaDecrypt(unsigned char *encMsg, size_t encMsgLen);
        int rsaDecrypt(unsigned char *encMsg, size_t encMsgLen, char **decMsg);
        std::string aesDecrypt(unsigned char *encMsg, size_t encMsgLen);
        int aesDecrypt(unsigned char *encMsg, size_t encMsgLen, char **decMsg);

        int writeKeyToFile(FILE *fd, int key);

        int setClientPubKey(unsigned char* pubKey, size_t pubKeyLen);

        unsigned char* getServerPubKey();
        unsigned char* getServerPriKey();
        unsigned char* getServerAESKey();

    private:
        EVP_PKEY *serverKeypair;
        EVP_PKEY *clientPubKey;

        EVP_CIPHER_CTX *rsaEncryptCtx;
        EVP_CIPHER_CTX *aesEncryptCtx;

        EVP_CIPHER_CTX *rsaDecryptCtx;
        EVP_CIPHER_CTX *aesDecryptCtx;

        unsigned char *rsaSymKey;
        int rsaSymKeyLen;
        unsigned char *rsaIV;

        unsigned char *aesKey;
        unsigned char *aesIV;

        size_t encryptLen;

        int init(size_t rsaKeyLen, size_t aesKeyLen);
        int genTestClientKey(int keyLen);
    };

Full article: http://shanetully.com/2012/06/openssl-rsa-aes-and-c-oh-my/