Group IL-2: John Gibson, Theodore Winograd
Extending Kryptos with OpenSSL

Background
• Kryptos is educational software for cryptography developed at GMU.
• Used in ECE 646 and 746 labs
• Original version part of MS thesis in 2004.
• Previous versions used only the Crypto++ library.
• Why add another library?
  • Not all libraries implement same ciphers.
  • Examine implementation differences between libraries.

Accomplishments
• Kryptos interfaces with both Crypto++ and OpenSSL
• OpenSSL support for hash algorithms
  • MD2, MD4, MD5, SHA-1, SHA-256, SHA-384, SHA-512, RIPEMD-160
• OpenSSL support for symmetric ciphers
  • DES, 3DES (EDE2 and EDE3), IDEA, AES, DESX, Blowfish
  • ECB, CBC, CFB, OFB modes
• Kryptos development moved to Visual C++ 2005
  • updated Crypto++ library to snapshot 20060419 (version 5.3 development)
• SourceForge project
  • http://www.sourceforge.net/projects/kryptosproject
  • Code imported to Subversion repository
• LibKryptos side project

Library Linking
• Previous Kryptos code statically linked to Crypto++
  • End product was a single executable
  • Must be rebuilt for every library update
• Both Crypto++ and OpenSSL have DLL options for Windows.
  • Crypto++ DLL only supports their FIPS validated algorithms. Would still need to statically link non-FIPS validated ones.
  • OpenSSL DLL supports all algorithms
• Both libraries have FIPS versions, but these lag behind the newest releases
• Conflicting remarks on whether FIPS OpenSSL may be built with Visual C++

Our path
• DLL for OpenSSL, not for Crypto++
• Kryptos is educational software, how important is use of FIPS validated algorithms?
  • will ensure the operation is correct
  • won’t have newest versions of libraries
• We chose not to use FIPS validated versions of libraries
• Used OpenSSL 0.9.8d
• First wrote sample code (external to Kryptos) to test using OpenSSL DLL
• Added GUI components for OpenSSL to Kryptos

Kryptos Structure
• KryptosDlg.cpp controls the action
  • OnAlgorithmSet
    • Pulls up the list of algorithms
  • OnAlgorithmParametersSetAlg
    • Pulls up the list of algorithm parameters
  • OnTnwDialogButtonTransform
    • Loads files
    • Calls CCryptoPPLink
  • OnLibSet
    • Allows library selection
• CCryptoPPLink is linkage between Kryptos and Crypto++ library.

Kryptos Structure changes
• Created CCryptoLink class
  • abstract layer between Kryptos and libraries
  • parent of CCryptoPPLink
• Kryptos using CCryptoLink instead of CCryptoPPLink directly
• Set all non-virtual CCryptoPPLink functions and attributes private
• Kryptos tested and working with polymorphism
• Created OpenSSLLink class
• Implemented hashing and symmetric cipher OpenSSL interfaces

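The abstract-layer arrangement described above, as an added sketch that is not Kryptos code and is written in Python rather than the project's C++. `CryptoLink` and `OpenSSLLink` only mirror the slide's class names (here `OpenSSLLink` wraps Python's hashlib, which uses OpenSSL where Python is built against it); `ReferenceLink` and `cross_check` are hypothetical names, the latter comparing the backends on the algorithms they share.

```python
import hashlib
import struct
from abc import ABC, abstractmethod

class CryptoLink(ABC):
    """Abstract layer: the application only ever talks to this interface."""
    @abstractmethod
    def algorithms(self): ...
    @abstractmethod
    def digest(self, algorithm, data): ...

class OpenSSLLink(CryptoLink):
    """Backend 1: hashlib, which uses OpenSSL where Python is built against it."""
    def algorithms(self):
        return {"sha1", "sha256", "sha512"} & set(hashlib.algorithms_available)
    def digest(self, algorithm, data):
        return hashlib.new(algorithm, data).digest()

def _rol(x, n):
    return ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF

class ReferenceLink(CryptoLink):
    """Backend 2 (hypothetical): independent pure-Python SHA-1 per FIPS 180."""
    def algorithms(self):
        return {"sha1"}
    def digest(self, algorithm, data):
        if algorithm not in self.algorithms():
            raise ValueError(f"{algorithm} not offered by this library")
        h = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0]
        pad = b"\x80" + b"\x00" * ((55 - len(data)) % 64)
        msg = data + pad + struct.pack(">Q", 8 * len(data))
        for off in range(0, len(msg), 64):
            w = list(struct.unpack(">16I", msg[off:off + 64]))
            for i in range(16, 80):
                w.append(_rol(w[i - 3] ^ w[i - 8] ^ w[i - 14] ^ w[i - 16], 1))
            a, b, c, d, e = h
            for i in range(80):
                f, k = [((b & c) | (~b & d), 0x5A827999), (b ^ c ^ d, 0x6ED9EBA1),
                        ((b & c) | (b & d) | (c & d), 0x8F1BBCDC),
                        (b ^ c ^ d, 0xCA62C1D6)][i // 20]
                a, b, c, d, e = (_rol(a, 5) + f + e + k + w[i]) & 0xFFFFFFFF, a, _rol(b, 30), c, d
            h = [(x + y) & 0xFFFFFFFF for x, y in zip(h, (a, b, c, d, e))]
        return struct.pack(">5I", *h)

def cross_check(libs, samples):
    """Return (algorithm, sample) pairs on which the libraries disagree."""
    shared = set.intersection(*(lib.algorithms() for lib in libs))
    return [(alg, s) for alg in sorted(shared) for s in samples
            if len({lib.digest(alg, s) for lib in libs}) != 1]
```
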
Bumps along the road
• Version of Crypto++ used in Kryptos 2.0 not compatible with Visual C++ 2005
• Existing code doesn’t separate GUI and biz logic
• Bugs in previous code version (IDEA key size)
• Kryptos and Crypto++ “tightly coupled” for public key
• Existing code needed cleanup
  • removed unused files from project
  • fixed code where longs assigned to ints
  • fixed signed/unsigned mismatches
  • muted Visual C++ warnings on unsafe function calls (e.g. strcpy)
  • updated about dialog box info

Performance Comparison
• One library is not faster for all algorithms
• Debug code is much slower than release:
  • SHA-512 of Solaris 10 x86 06/06 DVD ISO (2.81 GB), without I/O
  • Debug Crypto++
    • 484.544551 seconds, 886,111,515,487 cycles
  • Release Crypto++
    • 103.896974 seconds, 190,001,626,958 cycles
  • OpenSSL (release DLL)
    • 105.715715 seconds, 193,327,758,910 cycles

Screenshots
• Kryptos 3.0
• library selection
• LibKryptos

Future work
• Enable more algorithms offered via the Crypto++ and OpenSSL libraries.
• Add more libraries
• GUI improvements
• Scripting or batch mode
• Numerical analysis support for results
• Hunt down pesky bugs that cause crashes
• Cleanup and further document the code

In Closing...
• Kryptos has been extended to use another library.
• Available at http://www.sourceforge.net/projects/kryptosproject
• Any questions?