
Extending Kryptos with OpenSSL




  1. Group IL-2: John Gibson, Theodore Winograd. Extending Kryptos with OpenSSL

  2. Background
     • Kryptos is educational software for cryptography developed at GMU.
     • Used in ECE 646 and 746 labs
     • Original version part of MS thesis in 2004.
     • Previous versions used only the Crypto++ library.
     • Why add another library?
       • Not all libraries implement same ciphers.
       • Examine implementation differences between libraries.

  3. Accomplishments
     • Kryptos interfaces with both Crypto++ and OpenSSL
     • OpenSSL support for hash algorithms
       • MD2, MD4, MD5, SHA-1, SHA-256, SHA-384, SHA-512, RIPEMD-160
     • OpenSSL support for symmetric ciphers
       • DES, 3DES (EDE2 and EDE3), IDEA, AES, DESX, Blowfish
       • ECB, CBC, CFB, OFB modes
     • Kryptos development moved to Visual C++ 2005
       • updated Crypto++ library to snapshot 20060419 (version 5.3 development)
     • SourceForge project
       • http://www.sourceforge.net/projects/kryptosproject
       • Code imported to Subversion repository
     • LibKryptos side project

  4. Library Linking
     • Previous Kryptos code statically linked to Crypto++
       • End product was single executable
       • Must be rebuilt for every library update
     • Both Crypto++ and OpenSSL have DLL options for Windows.
       • Crypto++ DLL only supports their FIPS validated algorithms. Would still need to statically link non-FIPS validated ones.
       • OpenSSL DLL supports all algorithms
     • Both libraries have FIPS versions, but these lag behind newest releases
       • Conflicting remarks on whether FIPS OpenSSL may be built with Visual C++

  5. Our path
     • DLL for OpenSSL, not for Crypto++
     • Kryptos is educational software, how important is use of FIPS validated algorithms?
       • will ensure the operation is correct
       • won't have newest versions of libraries
     • We chose not to use FIPS validated versions of libraries
     • Used OpenSSL 0.9.8d
     • First wrote sample code (external to Kryptos) to test using OpenSSL DLL
     • Added GUI components for OpenSSL to Kryptos

  6. Kryptos Structure
     • KryptosDlg.cpp controls the action
       • OnAlgorithmSet
         • Pulls up the list of algorithms
       • OnAlgorithmParametersSetAlg
         • Pulls up the list of algorithm parameters
       • OnTnwDialogButtonTransform
         • Loads files
         • Calls CCryptoPPLink
       • OnLibSet
         • Allows library selection
     • CCryptoPPLink is linkage between Kryptos and Crypto++ library.

  7. Kryptos Structure changes
     • Created CCryptoLink class
       • abstract layer between Kryptos and libraries
       • parent of CCryptoPPLink
     • Kryptos using CCryptoLink instead of CryptoPPLink directly
     • Set all non-virtual CCryptoPPLink functions and attributes private
     • Kryptos tested and working with polymorphism
     • Created OpenSSLLink class
       • Implemented hashing and symmetric cipher OpenSSL interfaces

  8. Bumps along the road
     • Version of Crypto++ used in Kryptos 2.0 not compatible with Visual C++ 2005
     • Existing code doesn't separate GUI and biz logic
     • Bugs in previous code version (IDEA key size)
     • Kryptos and Crypto++ "tightly coupled" for public key
     • Existing code needed cleanup
       • removed unused files from project
       • fixed code where longs assigned to ints
       • fixed signed/unsigned mismatches
       • muted Visual C++ warnings on unsafe function calls (e.g. strcpy)
       • updated about dialog box info

  9. Performance Comparison
     • One library is not faster for all algorithms
     • Debug code is much slower than release:
       • SHA-512 of Solaris 10 x86 06/06 DVD ISO (2.81 GB), without I/O
       • Debug Crypto++
         • 484.544551 seconds, 886,111,515,487 cycles
       • Release Crypto++
         • 103.896974 seconds, 190,001,626,958 cycles
       • OpenSSL (release DLL)
         • 105.715715 seconds, 193,327,758,910 cycles

  10. Screenshots
     • Kryptos 3.0
     • library selection
     • LibKryptos

  11. Future work
     • Enable more algorithms offered via the Crypto++ and OpenSSL libraries.
     • Add more libraries
     • GUI improvements
     • Scripting or batch mode
     • Numerical analysis support for results
     • Hunt down pesky bugs that cause crashes
     • Cleanup and further document the code

  12. In Closing...
     • Kryptos has been extended to use another library.
     • Available at http://www.sourceforge.net/projects/kryptosproject
     • Any questions?
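
Slides 2 and 7 motivate a second library behind one abstract layer so that implementations can be compared. The added example below (not Kryptos code, and written in Python rather than the project's C++ so it runs without the two libraries) cross-checks several SHA-1 backends on the same inputs. The backend names, the dictionary standing in for the abstract layer, and the deliberately buggy backend are assumptions made for illustration.

```python
import hashlib
import struct

def _rol(x, n):
    return ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF

def sha1_reference(msg):
    """Independent pure-Python SHA-1, used as a second implementation."""
    h = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0]
    # Padding: 0x80, zeros up to 56 mod 64, then the 64-bit big-endian bit length
    data = msg + b"\x80" + b"\x00" * ((55 - len(msg)) % 64) + struct.pack(">Q", 8 * len(msg))
    for off in range(0, len(data), 64):
        w = list(struct.unpack(">16I", data[off:off + 64]))
        for t in range(16, 80):
            w.append(_rol(w[t - 3] ^ w[t - 8] ^ w[t - 14] ^ w[t - 16], 1))
        a, b, c, d, e = h
        for t in range(80):
            if t < 20:
                f, k = (b & c) | (~b & d), 0x5A827999
            elif t < 40:
                f, k = b ^ c ^ d, 0x6ED9EBA1
            elif t < 60:
                f, k = (b & c) | (b & d) | (c & d), 0x8F1BBCDC
            else:
                f, k = b ^ c ^ d, 0xCA62C1D6
            a, b, c, d, e = (_rol(a, 5) + f + e + k + w[t]) & 0xFFFFFFFF, a, _rol(b, 30), c, d
        h = [(x + y) & 0xFFFFFFFF for x, y in zip(h, (a, b, c, d, e))]
    return "".join("%08x" % x for x in h)

# Hypothetical backends behind one interface (stand-ins, not Kryptos classes)
BACKENDS = {
    "openssl": lambda m: hashlib.sha1(m).hexdigest(),  # assumes an OpenSSL-backed hashlib
    "reference": sha1_reference,
    # Constructed buggy backend: treats the input as a C string, stops at the first NUL
    "cstring-bug": lambda m: hashlib.sha1(m.split(b"\x00")[0]).hexdigest(),
}

# Constructed inputs: padding-boundary lengths plus one with an embedded NUL byte
SAMPLES = [b"", b"abc", b"key\x00material"] + [b"a" * n for n in (55, 56, 63, 64, 65, 119, 120)]

def cross_check(names, messages=SAMPLES):
    """Return (message, {backend: digest}) for each input where the backends disagree."""
    out = []
    for m in messages:
        digests = {n: BACKENDS[n](m) for n in names}
        if len(set(digests.values())) > 1:
            out.append((m, digests))
    return out
```

An empty result from `cross_check(["openssl", "reference"])` means the two implementations agree on every sample; adding `"cstring-bug"` shows how a string-handling defect surfaces only on binary input.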
