Learn how Kryptos, educational cryptography software, now interfaces with the OpenSSL library for more diverse algorithms and improved performance. Explore development details, challenges faced, and future enhancements.
Extending Kryptos with OpenSSL • Group IL-2: John Gibson, Theodore Winograd
Background • Kryptos is educational software for cryptography developed at GMU. • Used in ECE 646 and 746 labs • Original version part of MS thesis in 2004. • Previous versions used only the Crypto++ library. • Why add another library? • Not all libraries implement same ciphers. • Examine implementation differences between libraries.
Accomplishments • Kryptos interfaces with both Crypto++ and OpenSSL • OpenSSL support for hash algorithms • MD2, MD4, MD5, SHA-1, SHA-256, SHA-384, SHA-512, RIPEMD-160 • OpenSSL support for symmetric ciphers • DES, 3DES (EDE2 and EDE3), IDEA, AES, DESX, Blowfish • ECB, CBC, CFB, OFB modes • Kryptos development moved to Visual C++ 2005 • updated Crypto++ library to snapshot 20060419 (version 5.3 development) • SourceForge project • http://www.sourceforge.net/projects/kryptosproject • Code imported to Subversion repository • LibKryptos side project
Library Linking • Previous Kryptos code statically linked to Crypto++ • End product was single executable • Must be rebuilt for every library update • Both Crypto++ and OpenSSL have DLL options for Windows. • Crypto++ DLL only supports its FIPS validated algorithms. Would still need to statically link non-FIPS validated ones. • OpenSSL DLL supports all algorithms • Both libraries have FIPS versions, but these lag behind the newest releases • Conflicting remarks on whether FIPS OpenSSL may be built with Visual C++
Our path • DLL for OpenSSL, not for Crypto++ • Kryptos is educational software, how important is use of FIPS validated algorithms? • will ensure the operation is correct • won’t have newest versions of libraries • We chose not to use FIPS validated versions of libraries • Used OpenSSL 0.9.8d • First wrote sample code (external to Kryptos) to test using OpenSSL DLL • Added GUI components for OpenSSL to Kryptos
Kryptos Structure • KryptosDlg.cpp controls the action • OnAlgorithmSet • Pulls up the list of algorithms • OnAlgorithmParametersSetAlg • Pulls up the list of algorithm parameters • OnTnwDialogButtonTransform • Loads files • Calls CCryptoPPLink • OnLibSet • Allows library selection • CCryptoPPLink is linkage between Kryptos and Crypto++ library.
Kryptos Structure changes • Created CCryptoLink class • abstract layer between Kryptos and libraries • parent of CCryptoPPLink • Kryptos using CCryptoLink instead of CCryptoPPLink directly • Set all non-virtual CCryptoPPLink functions and attributes private • Kryptos tested and working with polymorphism • Created OpenSSLLink class • Implemented hashing and symmetric cipher OpenSSL interfaces
Bumps along the road • Version of Crypto++ used in Kryptos 2.0 not compatible with Visual C++ 2005 • Existing code doesn’t separate GUI and biz logic • Bugs in previous code version (IDEA key size) • Kryptos and Crypto++ “tightly coupled” for public key • Existing code needed cleanup • removed unused files from project • fixed code where longs assigned to ints • fixed signed/unsigned mismatches • muted Visual C++ warnings on unsafe function calls (i.e. strcpy) • updated about dialog box info
Performance Comparison • One library is not faster for all algorithms • Debug code is much slower than release: • SHA-512 of Solaris 10 x86 06/06 DVD ISO (2.81 GB), without I/O • Debug Crypto++ • 484.544551 seconds, 886,111,515,487 cycles • Release Crypto++ • 103.896974 seconds, 190,001,626,958 cycles • OpenSSL (release DLL) • 105.715715 seconds, 193,327,758,910 cycles
Screenshots • Kryptos 3.0 • library selection • LibKryptos
Future work • Enable more algorithms offered via the Crypto++ and OpenSSL libraries. • Add more libraries • GUI improvements • Scripting or batch mode • Numerical analysis support for results • Hunt down pesky bugs that cause crashes • Cleanup and further document the code
In Closing... • Kryptos has been extended to use another library. • Available at http://www.sourceforge.net/projects/kryptosproject • Any questions?