rsa_test.cpp

Go to the documentation of this file.

/*****************************************************************************\
*                                                                             *
*  Name   : test RSA public key encryption                                    *
*  Author : Chris Koeritz                                                     *
*                                                                             *
*  Purpose:                                                                   *
*                                                                             *
*    Exercises the RSA encryption functions from the OpenSSL package.         *
*                                                                             *
*******************************************************************************
* Copyright (c) 2005-$now By Author.  This program is free software; you can  *
* redistribute it and/or modify it under the terms of the GNU General Public  *
* License as published by the Free Software Foundation; either version 2 of   *
* the License or (at your option) any later version.  This is online at:      *
*     http://www.fsf.org/copyleft/gpl.html                                    *
* Please send any updates to: fred@gruntose.com                               *
\*****************************************************************************/

#include <basis/byte_array.h>
#include <basis/chaos.h>
#include <basis/function.h>
#include <basis/istring.h>
#include <mechanisms/time_stamp.h>
#include <data_struct/static_memory_gremlin.h>
#include <textual/string_manipulation.h>

#include <openssl/crypto.h>
#include <openssl/err.h>
#include <openssl/rand.h>

#include <openssl/rsa.h>

#include <stdio.h>
#include <string.h>

HOOPLE_STARTUP_CODE;

const int KEY_SIZE = 1024;
  // the size of the RSA key that we'll create.

const int TEST_RUNS = 100;
  // the number of cycles of testing.

const int SEED_SIZE = 100;
  // the size of the random seed that we'll use.

const int MAX_STRING = 100000;
  // the largest chunk that we'll try to encrypt.

chaos rando;

RSA *generate_key()
{
  RSA *to_return = RSA_generate_key(512, 65537, NIL, NIL);
  if (!to_return) {
printf("failed to generate a key\n");
    return NIL;
  }

  int check = RSA_check_key(to_return);
  if (check != 1) {
printf("failed to check the key\n");
    return NIL;
  }
  return to_return;
}

const byte_array &random_seed()
{
  static byte_array seed;
  static bool initted = false;
  if (!initted) {
    for (int i = 0; i < SEED_SIZE; i++) {
      seed += byte(rando.inclusive(0, 255));
    }
    initted = true;
  }
  return seed;
}

// flen must be less than RSA_size(rsa) - 11 for the PKCS #1 v1.5 based padding modes, less than
// RSA_size(rsa) - 41 for RSA_PKCS1_OAEP_PADDING and exactly RSA_size(rsa) for RSA_NO_PADDING.


// rsa_public_encryption and rsa_private_decryption are a pair.
// an untrusted user can encrypt with the public key and only the possessor of
// the private key should be able to decrypt it.

bool rsa_public_encryption(RSA *key, const byte_array &source,
    byte_array &target)
{
  target.reset();
  const int max_chunk = RSA_size(key) - 12;
//printf("max chunk for encryption is %d\n", max_chunk);

  byte_array cipher(RSA_size(key));
  for (int i = 0; i < source.length(); i += max_chunk) {
    int edge = i + max_chunk - 1;
    if (edge > source.last())
      edge = source.last();
//printf("range now %d to %d\n", i, edge);
    int next_chunk = edge - i + 1;
    RSA_public_encrypt(next_chunk, &source[i],
        cipher.access(), key, RSA_PKCS1_PADDING);
    target += cipher;
  }
  return true;
}

bool rsa_private_decryption(RSA *key, const byte_array &source,
    byte_array &target)
{
  target.reset();
  const int max_chunk = RSA_size(key);
//printf("max chunk for decryption is %d\n", max_chunk);

  byte_array uncipher(max_chunk);
  for (int i = 0; i < source.length(); i += max_chunk) {
    int edge = i + max_chunk - 1;
    if (edge > source.last())
      edge = source.last();
    int next_chunk = edge - i + 1;
//printf("range now %d to %d\n", i, edge);
    int dec_size = RSA_private_decrypt(next_chunk, &source[i],
        uncipher.access(), key, RSA_PKCS1_PADDING);
//printf("got decryp size %d\n", dec_size);
    if (dec_size < 0) return false;  // that didn't work.
    uncipher.zap(dec_size, uncipher.last());
    target += uncipher;
    uncipher.reset(max_chunk);
  }
  return true;
}


// rsa_private_encryption and rsa_public_decryption are a pair.
// the trusted user with the private key can create encrypted chunks that
// anyone with the public key can decrypt.

bool rsa_private_encryption(RSA *key, const byte_array &source,
    byte_array &target)
{
  target.reset();
  const int max_chunk = RSA_size(key) - 12;
//printf("max chunk for encryption is %d\n", max_chunk);

  byte_array cipher(RSA_size(key));
  for (int i = 0; i < source.length(); i += max_chunk) {
    int edge = i + max_chunk - 1;
    if (edge > source.last())
      edge = source.last();
//printf("range now %d to %d\n", i, edge);
    int next_chunk = edge - i + 1;
    RSA_private_encrypt(next_chunk, &source[i],
        cipher.access(), key, RSA_PKCS1_PADDING);
    target += cipher;
  }
  return true;
}

bool rsa_public_decryption(RSA *key, const byte_array &source,
    byte_array &target)
{
  target.reset();
  const int max_chunk = RSA_size(key);
//printf("max chunk for decryption is %d\n", max_chunk);

  byte_array uncipher(max_chunk);
  for (int i = 0; i < source.length(); i += max_chunk) {
    int edge = i + max_chunk - 1;
    if (edge > source.last())
      edge = source.last();
    int next_chunk = edge - i + 1;
//printf("range now %d to %d\n", i, edge);
    int dec_size = RSA_public_decrypt(next_chunk, &source[i],
        uncipher.access(), key, RSA_PKCS1_PADDING);
//printf("got decryp size %d\n", dec_size);
    if (dec_size < 0) return false;  // that didn't work.
    uncipher.zap(dec_size, uncipher.last());
    target += uncipher;
    uncipher.reset(max_chunk);
  }
  return true;
}


int main(int formal(argc), char *formal(argv)[])
{
  CRYPTO_malloc_debug_init();

  CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);

  CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);

  RAND_seed(random_seed().observe(), SEED_SIZE);

  time_stamp start;

  istring fodder = string_manipulation::make_random_name(MAX_STRING + 1,
      MAX_STRING + 1);

  for (int i = 0; i < TEST_RUNS; i++) {
    time_stamp start;
    RSA *private_key = generate_key();
    int key_durat = int(time_stamp().value() - start.value());

    RSA *public_key = RSAPublicKey_dup(private_key);
      // make our public portion.

//RSA_print_fp(stdout, private_key, 0);
//RSA_print_fp(stdout, public_key, 0);

    int string_start = rando.inclusive(0, MAX_STRING);
    int string_end = rando.inclusive(0, MAX_STRING);
    flip_increasing(string_start, string_end);
    istring ranstring = fodder.substring(string_start, string_end);
    byte_array target;

    // the first phase tests the outsiders sending back data that only we,
    // with our private key, can decrypt.

    start.reset();
    bool worked = rsa_public_encryption(public_key,
        byte_array(ranstring.length() + 1, (byte*)ranstring.s()), target);
    int pub_enc_durat = int(time_stamp().value() - start.value());
    if (!worked)
      deadly_error("rsa_test", "phase 1", "failed to encrypt the string!\n");

    byte_array recovered;
    start.reset();
    worked = rsa_private_decryption(private_key, target, recovered);
    int priv_dec_durat = int(time_stamp().value() - start.value());
    if (!worked)
      deadly_error("rsa_test", "phase 1", "failed to decrypt the string!\n");

    istring teddro = (char *)recovered.observe();

    if (teddro != ranstring)
      printf("failed to get back the data!\n");

    // the second phase tests us using our private key to encrypt data which
    // anyone with the public key can decode.

    start.reset();
    worked = rsa_private_encryption(private_key,
        byte_array(ranstring.length() + 1, (byte*)ranstring.s()), target);
    int priv_enc_durat = int(time_stamp().value() - start.value());
    if (!worked)
      deadly_error("rsa_test", "phase 2", "failed to encrypt the string!\n");

    start.reset();
    worked = rsa_public_decryption(public_key, target, recovered);
    int pub_dec_durat = int(time_stamp().value() - start.value());
    if (!worked)
      deadly_error("rsa_test", "phase 2", "failed to decrypt the string!\n");

    teddro = (char *)recovered.observe();

    if (teddro != ranstring)
      printf("failed to get back the data!\n");

    printf("key generation: %d ms, public encrypt: %d ms, private "
        "decrypt: %d ms\n", key_durat, pub_enc_durat, priv_dec_durat);
    printf("data size: %d bytes, private encrypt: %d ms, public "
        "decrypt: %d ms\n",
        string_end - string_start + 1, priv_enc_durat, pub_dec_durat);
    printf("\n");

    RSA_free(public_key);
    RSA_free(private_key);
  }

  int duration = int(time_stamp().value() - start.value());
  printf("duration for %d keys and encrypt/decrypt=%d ms,\n",
      TEST_RUNS, duration);
  printf("that comes to %d ms per cycle.\n", duration / TEST_RUNS);

  CRYPTO_cleanup_all_ex_data();
  ERR_remove_state(0);

  CRYPTO_mem_leaks_fp(stderr);

  return 0;
}

---