1. Extending Kryptos with OpenSSL Group IL-2: John Gibson Theodore Winograd

2. Background Kryptos is educational software for cryptography developed at GMU. –Used in ECE 646 and 746 labs Original version part of MS thesis in 2004. Previous versions used only the Crypto++ library. Why add another library? –Not all libraries implement same ciphers. –Examine implementation differences between libraries.

3. Accomplishments Kryptos interfaces with both Crypto++ and OpenSSL –OpenSSL support for hash algorithms MD2, MD4, MD5, SHA-1, SHA-256, SHA-384, SHA-512, RIPEMD-160 –OpenSSL support for symmetric ciphers DES, 3DES (EDE2 and EDE3), IDEA, AES, DESX, Blowfish ECB, CBC, CFB, OFB modes Kryptos development moved to Visual C++ 2005 –updated Crypto++ library to snapshot 20060419 (version 5.3 development) SourceForge project –http://www.sourceforge.net/projects/kryptosprojecthttp://www.sourceforge.net/projects/kryptosproject –Code imported to Subversion repository LibKryptos side project

4. Library Linking Previous Kryptos code statically linked to Crypto++ –End product was single executable –Must be rebuilt for every library update Both Crypto++ and OpenSSL have DLL options for Windows. –Crypto++ DLL only supports their FIPS validated algorithms. Would still need to statically link non-FIPS validated ones. –OpenSSL DLL supports all algorithms Both libraries have FIPS version, but lag behind newest releases –Conflicting remarks if FIPS OpenSSL may be built with Visual C++

5. Our path DLL for OpenSSL, not for Crypto++ Kryptos is educational software, how important is use of FIPS validated algorithms? –will ensure the operation is correct –won’t have newest versions of libraries We chose not to use FIPS validated versions of libraries Used OpenSSL 0.9.8d –First wrote sample code (external to Kryptos) to test using OpenSSL DLL –Added GUI components for OpenSSL to Kryptos

6. Kryptos Structure KryptosDlg.cpp controls the action –OnAlgorithmSet Pulls up the list of algorithms –OnAlgorithmParametersSetAlg Pulls up the list of algorithm parameters –OnTnwDialogButtonTransform Loads files Calls CCryptoPPLink –OnLibSet Allows library selection CCryptoPPLink is linkage between Kryptos and Crypto++ library.

7. Kryptos Structure changes Created CCryptoLink class –abstract layer between Kryptos and libraries –parent of CCryptoPPLink Kryptos using CCryptoLink instead of CryptoPPLink directly Set all non-virtual CCryptoPPLink functions and attributes private Kryptos tested and working with polymorphism Created OpenSSLLink class –Implemented hashing and symmetric cipher OpenSSL interfaces

8. Bumps along the road Version of Crypto++ used in Kryptos 2.0 not compatible with Visual C++ 2005 Existing code doesn’t separate GUI and biz logic Bugs in previous code version (IDEA key size) Kryptos and Crypto++ “tightly coupled” for public key Existing code needed cleanup –removed unused files from project –fixed code where longs assigned to ints –fixed signed/unsigned mismatches –muted Visual C++ warnings on unsafe function calls (i.e. strcpy) –updated about dialog box info

9. Performance Comparison One library is not faster for all algorithms  Debug code is much slower than release: –SHA-512 of Solaris 10 x86 06/06 DVD ISO (2.81 GB), without I/O Debug Crypto++ 484.544551 seconds, 886,111,515,487 cycles Release Crypto++ 103.896974 seconds, 190,001,626,958 cycles OpenSSL (release DLL) 105.715715 seconds, 193,327,758,910 cycles

10. Screenshots Kryptos 3.0 –library selection LibKryptos

11. Future work Enable more algorithms offered via the Crypto++ and OpenSSL libraries. Add more libraries GUI improvements Scripting or batch mode Numerical analysis support for results Hunt down pesky bugs that cause crashes Cleanup and further document the code

12. In Closing... Kryptos has been extended to use another library. Available at http://www.sourceforge.net/projects/kryptosporject http://www.sourceforge.net/projects/kryptosporject Any questions?