Extending Kryptos with OpenSSL Group IL-2: John Gibson Theodore Winograd


Background

• Kryptos is educational software for cryptography developed at GMU.
  – Used in ECE 646 and 746 labs
• Original version part of MS thesis in 2004.
• Previous versions used only the Crypto++ library.
• Why add another library?
  – Not all libraries implement same ciphers.
  – Examine implementation differences between libraries.


Accomplishments

• Kryptos interfaces with both Crypto++ and OpenSSL
  – OpenSSL support for hash algorithms
    • MD2, MD4, MD5, SHA-1, SHA-256, SHA-384, SHA-512, RIPEMD-160
  – OpenSSL support for symmetric ciphers
    • DES, 3DES (EDE2 and EDE3), IDEA, AES, DESX, Blowfish
    • ECB, CBC, CFB, OFB modes
• Kryptos development moved to Visual C++ 2005
  – updated Crypto++ library to snapshot 20060419 (version 5.3 development)
• SourceForge project
  – http://www.sourceforge.net/projects/kryptosproject
  – Code imported to Subversion repository
• LibKryptos side project


Library Linking

• Previous Kryptos code statically linked to Crypto++
  – End product was single executable
  – Must be rebuilt for every library update
• Both Crypto++ and OpenSSL have DLL options for Windows.
  – Crypto++ DLL only supports their FIPS validated algorithms. Would still need to statically link non-FIPS validated ones.
  – OpenSSL DLL supports all algorithms
• Both libraries have FIPS versions, but these lag behind the newest releases
  – Conflicting remarks on whether FIPS OpenSSL may be built with Visual C++


Our path

• DLL for OpenSSL, not for Crypto++
• Kryptos is educational software; how important is use of FIPS validated algorithms?
  – will ensure the operation is correct
  – won’t have newest versions of libraries
• We chose not to use FIPS validated versions of libraries
• Used OpenSSL 0.9.8d
  – First wrote sample code (external to Kryptos) to test using OpenSSL DLL
  – Added GUI components for OpenSSL to Kryptos


Kryptos Structure

• KryptosDlg.cpp controls the action
  – OnAlgorithmSet
    • Pulls up the list of algorithms
  – OnAlgorithmParametersSetAlg
    • Pulls up the list of algorithm parameters
  – OnTnwDialogButtonTransform
    • Loads files
    • Calls CCryptoPPLink
  – OnLibSet
    • Allows library selection
• CCryptoPPLink is linkage between Kryptos and Crypto++ library.


Kryptos Structure changes

• Created CCryptoLink class
  – abstract layer between Kryptos and libraries
  – parent of CCryptoPPLink
• Kryptos using CCryptoLink instead of CryptoPPLink directly
• Set all non-virtual CCryptoPPLink functions and attributes private
• Kryptos tested and working with polymorphism
• Created OpenSSLLink class
  – Implemented hashing and symmetric cipher OpenSSL interfaces
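A sketch of the abstract-layer idea, as an added example that is not Kryptos code: the names `CryptoLinkSketch`, `CheckKey`, `Encrypt`, `DoEncrypt`, `CountingLink` and the algorithm name strings are assumptions, and the key and IV lengths are the standard ones for the ciphers and modes listed under Accomplishments. Validating once in the shared base class means a wrong key size (for instance an 8-byte key for IDEA) is refused identically whichever library sits underneath.

```cpp
#include <cstddef>
#include <stdexcept>
#include <string>
#include <vector>
typedef std::vector<unsigned char> Bytes;

// Hypothetical abstract layer: the public entry point validates, backends only transform.
class CryptoLinkSketch {
public:
    virtual ~CryptoLinkSketch() {}
    // Returns the block size in bytes; throws if the algorithm or key length is invalid.
    static std::size_t CheckKey(const std::string& alg, std::size_t n) {
        std::size_t block = 8; bool ok = false;  // 64-bit block for everything except AES
        if (alg == "DES") ok = (n == 8);
        else if (alg == "3DES-EDE2" || alg == "IDEA") ok = (n == 16);
        else if (alg == "3DES-EDE3" || alg == "DESX") ok = (n == 24);
        else if (alg == "Blowfish") ok = (n >= 4 && n <= 56);
        else if (alg == "AES") { ok = (n == 16 || n == 24 || n == 32); block = 16; }
        else throw std::invalid_argument("unknown algorithm: " + alg);
        if (!ok) throw std::invalid_argument("bad key length for " + alg);
        return block;
    }
    Bytes Encrypt(const std::string& alg, const std::string& mode,
                  const Bytes& key, const Bytes& iv, const Bytes& in) {
        const std::size_t block = CheckKey(alg, key.size());
        if (mode != "ECB" && mode != "CBC" && mode != "CFB" && mode != "OFB")
            throw std::invalid_argument("unsupported mode: " + mode);
        // ECB takes no IV; CBC, CFB and OFB take exactly one block.
        if (iv.size() != (mode == "ECB" ? 0 : block))
            throw std::invalid_argument("bad IV length for " + alg + "/" + mode);
        return DoEncrypt(alg, mode, key, iv, in);
    }
private:
    virtual Bytes DoEncrypt(const std::string& alg, const std::string& mode,
                            const Bytes& key, const Bytes& iv, const Bytes& in) = 0;
};

// Stand-in backend constructed for this example: counts calls and echoes its input
// where a real subclass would call Crypto++ or OpenSSL.
struct CountingLink : CryptoLinkSketch {
    int calls = 0;
    Bytes DoEncrypt(const std::string&, const std::string&, const Bytes&,
                    const Bytes&, const Bytes& in) override { ++calls; return in; }
};

// True if the request was refused before it reached the backend.
bool rejected(CountingLink& l, const std::string& alg, const std::string& mode,
              std::size_t keyLen, std::size_t ivLen) {
    const int before = l.calls;
    try { l.Encrypt(alg, mode, Bytes(keyLen), Bytes(ivLen), Bytes(16)); }
    catch (const std::invalid_argument&) { return l.calls == before; }
    return false;
}
```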


Bumps along the road

• Version of Crypto++ used in Kryptos 2.0 not compatible with Visual C++ 2005
• Existing code doesn’t separate GUI and biz logic
• Bugs in previous code version (IDEA key size)
• Kryptos and Crypto++ “tightly coupled” for public key
• Existing code needed cleanup
  – removed unused files from project
  – fixed code where longs assigned to ints
  – fixed signed/unsigned mismatches
  – muted Visual C++ warnings on unsafe function calls (e.g. strcpy)
  – updated about dialog box info
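Two of the cleanup items in concrete form, as an added example that is not Kryptos code (`checked_cast`, `bounded_copy` and `int_would_overflow` are assumed names, and a 32-bit `int` is assumed): muting the strcpy warning leaves the unbounded copy in place, and a silent narrowing to `int` misreports any length above 2 GiB, such as the 2.81 GB ISO used in the performance comparison.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <limits>
#include <stdexcept>
#include <type_traits>

// Convert between integer types; throw instead of silently truncating or flipping sign.
template <typename To, typename From>
To checked_cast(From v) {
    static_assert(std::is_integral<To>::value && std::is_integral<From>::value,
                  "checked_cast is for integer types");
    if (std::is_signed<From>::value && v < From(0)) {
        if (!std::is_signed<To>::value ||
            static_cast<std::intmax_t>(v) <
                static_cast<std::intmax_t>(std::numeric_limits<To>::min()))
            throw std::range_error("negative value does not fit");
    } else if (static_cast<std::uintmax_t>(v) >
               static_cast<std::uintmax_t>(std::numeric_limits<To>::max())) {
        throw std::range_error("value too large for target type");
    }
    return static_cast<To>(v);
}

// Bounded replacement for strcpy: copies only if src plus its terminator fits.
// On failure dst becomes an empty string and false is returned (no truncation).
bool bounded_copy(char* dst, std::size_t dstSize, const char* src) {
    if (dst == nullptr || dstSize == 0) return false;
    const std::size_t n = (src != nullptr) ? std::strlen(src) : dstSize;
    if (n >= dstSize) { dst[0] = '\0'; return false; }
    std::memmove(dst, src, n + 1);
    return true;
}

// True if storing this 64-bit length in an int would lose information.
bool int_would_overflow(std::int64_t v) {
    try { checked_cast<int>(v); } catch (const std::range_error&) { return true; }
    return false;
}
```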


Performance Comparison

• One library is not faster for all algorithms
• Debug code is much slower than release:
  – SHA-512 of Solaris 10 x86 06/06 DVD ISO (2.81 GB), without I/O
    • Debug Crypto++: 484.544551 seconds, 886,111,515,487 cycles
    • Release Crypto++: 103.896974 seconds, 190,001,626,958 cycles
    • OpenSSL (release DLL): 105.715715 seconds, 193,327,758,910 cycles


Screenshots

• Kryptos 3.0
  – library selection
• LibKryptos


Future work

• Enable more algorithms offered via the Crypto++ and OpenSSL libraries.
• Add more libraries
• GUI improvements
• Scripting or batch mode
• Numerical analysis support for results
• Hunt down pesky bugs that cause crashes
• Cleanup and further document the code


In Closing...

• Kryptos has been extended to use another library.

• Available at http://www.sourceforge.net/projects/kryptosproject

• Any questions?