Upload
david-preston
View
214
Download
1
Embed Size (px)
Citation preview
Extending Kryptos with OpenSSL
Group IL-2:
John Gibson
Theodore Winograd
Background
• Kryptos is educational software for cryptography developed at GMU.– Used in ECE 646 and 746 labs
• Original version part of MS thesis in 2004.• Previous versions used only the Crypto++
library.• Why add another library?
– Not all libraries implement same ciphers.– Examine implementation differences between
libraries.
Accomplishments
• Kryptos interfaces with both Crypto++ and OpenSSL– OpenSSL support for hash algorithms
• MD2, MD4, MD5, SHA-1, SHA-256, SHA-384, SHA-512, RIPEMD-160
– OpenSSL support for symmetric ciphers
• DES, 3DES (EDE2 and EDE3), IDEA, AES, DESX, Blowfish
• ECB, CBC, CFB, OFB modes
• Kryptos development moved to Visual C++ 2005– updated Crypto++ library to snapshot 20060419 (version 5.3 development)
• SourceForge project– http://www.sourceforge.net/projects/kryptosproject
– Code imported to Subversion repository
• LibKryptos side project
Library Linking
• Previous Kryptos code statically linked to Crypto++– End product was single executable
– Must be rebuilt for every library update
• Both Crypto++ and OpenSSL have DLL options for Windows.– Crypto++ DLL only supports their FIPS validated algorithms. Would still
need to statically link non-FIPS validated ones.
– OpenSSL DLL supports all algorithms
• Both libraries have FIPS version, but lag behind newest releases– Conflicting remarks if FIPS OpenSSL may be built with Visual C++
Our path
• DLL for OpenSSL, not for Crypto++
• Kryptos is educational software, how important is use of FIPS validated algorithms?– will ensure the operation is correct
– won’t have newest versions of libraries
• We chose not to use FIPS validated versions of libraries
• Used OpenSSL 0.9.8d– First wrote sample code (external to Kryptos) to test using
OpenSSL DLL
– Added GUI components for OpenSSL to Kryptos
Kryptos Structure
• KryptosDlg.cpp controls the action– OnAlgorithmSet
• Pulls up the list of algorithms
– OnAlgorithmParametersSetAlg• Pulls up the list of algorithm parameters
– OnTnwDialogButtonTransform • Loads files• Calls CCryptoPPLink
– OnLibSet • Allows library selection
• CCryptoPPLink is linkage between Kryptos and Crypto++ library.
Kryptos Structure changes
• Created CCryptoLink class– abstract layer between Kryptos
and libraries– parent of CCryptoPPLink
• Kryptos using CCryptoLink instead of CryptoPPLink directly
• Set all non-virtual CCryptoPPLink functions and attributes private
• Kryptos tested and working with polymorphism
• Created OpenSSLLink class– Implemented hashing and
symmetric cipher OpenSSL interfaces
Bumps along the road
• Version of Crypto++ used in Kryptos 2.0 not compatible with Visual C++ 2005
• Existing code doesn’t separate GUI and biz logic• Bugs in previous code version (IDEA key size)• Kryptos and Crypto++ “tightly coupled” for public
key• Existing code needed cleanup
– removed unused files from project
– fixed code where longs assigned to ints
– fixed signed/unsigned mismatches
– muted Visual C++ warnings on unsafe function calls (i.e. strcpy)
– updated about dialog box info
Performance Comparison
• One library is not faster for all algorithms
• Debug code is much slower than release:– SHA-512 of Solaris 10 x86 06/06
DVD ISO (2.81 GB), without I/O• Debug Crypto++• 484.544551 seconds,
886,111,515,487 cycles• Release Crypto++ • 103.896974 seconds,
190,001,626,958 cycles• OpenSSL (release DLL)
105.715715 seconds, 193,327,758,910 cycles
Screenshots
• Kryptos 3.0– library selection
• LibKryptos
Future work
• Enable more algorithms offered via the Crypto++ and OpenSSL libraries.
• Add more libraries • GUI improvements• Scripting or batch mode• Numerical analysis support for results• Hunt down pesky bugs that cause crashes• Cleanup and further document the code
In Closing...
• Kryptos has been extended to use another library.
• Available at http://www.sourceforge.net/projects/kryptosporject
• Any questions?