How do I convert xor encryption from using std::string to just char or char *?

Question

So essentially with the libraries that i'm working with I cannot use std::string, as it uses a somewhat depreciated version of C++ I need to convert this xor function from using std::string to just using char or char *. I have been trying but I cannot figure out what I am doing wrong, as I get an error. Here is the code:

string encryptDecrypt(string toEncrypt) {
    char key[] = "DSIHKGDSHIGOK$%#%45434etG34th8349ty"; //Any chars will work
    string output = toEncrypt;

    for (int i = 0; i < toEncrypt.size(); i++)
        output[i] = toEncrypt[i] ^ key[i % (sizeof(key) / sizeof(char))];

    return output;
}

If anyone could help me out, that would be great. I am unsure as to why I cannot do it by simply changing the strings to char *.

Edit:

What I have tried is:

char * encryptDecrypt(char * toEncrypt) {
    char key[] = "DSIHKGDSHIGOK$%#%45434etG34th8349ty"; //Any chars will work 
    char * output = toEncrypt; 
    for (int i = 0; i < sizeof(toEncrypt); i++) 
        output[i] = toEncrypt[i] ^ key[i % (sizeof(key) / sizeof(char))]; 
    return output; 
}

Please note I am not trying to convert an std::string to char, I simply cannot use std::string in any instance of this function. Therefore, my question is not answered. Please read my question more carefully before marking it answered...

Answer 1

The issue here is

char * output = toEncrypt; 

This is making output point to toEncrypt which is not what you want to do. What you need to do is allocate a new char* and then copy the contents of toEncrypt into output

char * encryptDecrypt(char * toEncrypt) {
    char key[] = "DSIHKGDSHIGOK$%#%45434etG34th8349ty"; //Any chars will work 
    int string_size = std::strlen(toEncrypt); 
    char * output = new char[string_size + 1]; // add one for the null byte
    std::strcpy(output, toEncrypt); //copy toEncrypt into output
    for (int i = 0; i < string_size; i++) 
        output[i] = toEncrypt[i] ^ key[i % (sizeof(key) / sizeof(char))]; 
    return output; 
}

Live Example

Since we are using dynamic memory allocation here we need to make sure that the caller deletes the memory when done otherwise it will be a memory leak.

Answer 2

What error are you getting? You can easily use a char* to do the same thing, I've included a sample program that verifies the functionality. This was built under VS2012.

#include <string>
#include <stdio.h>

std::string encryptDecrypt( std::string toEncrypt)
{
    char key[] = "DSIHKGDSHIGOK$%#%45434etG34th8349ty"; //Any chars will work
    std::string output = toEncrypt;

    for (int i = 0; i < toEncrypt.size(); i++)
        output[i] = toEncrypt[i] ^ key[i % (sizeof(key) / sizeof(char))];

    return output;
}

void encryptDecrypt( char* toEncrypt )
{
    char key[] = "DSIHKGDSHIGOK$%#%45434etG34th8349ty"; //Any chars will work
    int len = strlen( toEncrypt );

    for (int i = 0; i < len; i++)
        toEncrypt[i] = toEncrypt[i] ^ key[i % (sizeof(key) / sizeof(char))];
}

int main( int argc, char* argv[] )
{
    const char* sample = "This is a sample string to process";
    int len = strlen( sample );
    char* p = new char[ len + 1 ];
    p[len] = '\0';
    strcpy( p, sample );

    std::string output = encryptDecrypt( sample );
    encryptDecrypt( p );

    bool match = strcmp(output.c_str(), p) == 0;
    printf( "The two encryption functions %smatch.\n", match ? "" : "do not "   );

    return 0;
}

Answer 3

sizeof() is a compile-time operator that evaluates the size of the type of its argument. When you do sizeof(toEncrypt), you're really just doing sizeof(char*) -- not the length of the string, which is what you want. You'll need to somehow indicate how long the toEncrypt string is. Here are two possible solutions:

1. Add an integer argument to encryptDecrypt specifying the length of toEncrypt in characters.

2. If you know that toEncrypt will never contain the null byte as a valid character for encryption / decryption (not sure of your application) and can assume that toEncrypt is null-terminated, you could use the strlen function to determine string length at runtime.

I'd recommend option 1, as strlen can introduce security holes if you're not careful, and also because it allows the use of null bytes within your string arguments.

Answer 4

Why not instead of string output = toEncrypt :

char *output = new char[std::strlen(toEncrypt) + 1];
std::strcpy(output, toEncrypt);