214 lines
11 KiB
Plaintext
214 lines
11 KiB
Plaintext
SSLeay: a cryptographic kitchen sink.
|
|
|
|
1st December 1995
|
|
Way back at the start of April 1995, I was looking for a mindless
|
|
programming project. A friend of mine (Tim Hudson) said "why don't you do SSL,
|
|
it has DES encryption in it and I would not mind using it in a SSL telnet".
|
|
While it was true I had written a DES library in previous years, litle
|
|
did I know what an expansive task SSL would turn into.
|
|
|
|
First of all, the SSL protocol contains DES encryption. Well and good. My
|
|
DES library was fast and portable. It also contained the RSA's RC4 stream
|
|
cipher. Again, not a problem, some-one had just posted to sci.crypt
|
|
something that was claimed to be RC4. It also contained IDEA, I had the
|
|
specifications, not a problem to implement. MD5, an RFC, trivial, at most
|
|
I could spend a week or so trying to see if I could speed up the
|
|
implementation. All in all a nice set of ciphers.
|
|
Then the first 'expantion of the scope', RSA public key
|
|
encryption. Since I did not knowing a thing about public key encryption
|
|
or number theory, this appeared quite a daunting task. Just writing a
|
|
big number library would be problomatic in itself, let alone making it fast.
|
|
At this point the scope of 'implementing SSL' expands eponentialy.
|
|
First of all, the RSA private keys were being kept in ASN.1 format.
|
|
Thankfully the RSA PKCS series of documents explains this format. So I now
|
|
needed to be able to encode and decode arbitary ASN.1 objects. The Public
|
|
keys were embeded in X509 certificates. Hmm... these are not only
|
|
ASN.1 objects but they make up a heirachy of authentication. To
|
|
authenticate a X509 certificate one needs to retrieve it's issuers
|
|
certificate etc etc. Hmm..., so I also need to implement some kind
|
|
of certificate management software. I would also have to implement
|
|
software to authenticate certificates. At this point the support code made
|
|
the SSL part of my library look quite small.
|
|
Around this time, the first version of SSLeay was released.
|
|
|
|
Ah, but here was the problem, I was not happy with the code so far. As may
|
|
have become obvious, I had been treating all of this as a learning
|
|
exersize, so I have completely written the library myself. As such, due
|
|
to the way it had grown like a fungus, much of the library was not
|
|
'elagent' or neat. There were global and static variables all over the
|
|
place, the SSL part did not even handle non-blocking IO.
|
|
The Great rewrite began.
|
|
|
|
As of this point in time, the 'Great rewrite' has almost finished. So what
|
|
follows is an approximate list of what is actually SSLeay 0.5.0
|
|
|
|
/********* This needs to be updated for 0.6.0+ *************/
|
|
|
|
---
|
|
The library contains the following routines. Please note that most of these
|
|
functions are not specfic for SSL or any other particular cipher
|
|
implementation. I have tried to make all the routines as general purpose
|
|
as possible. So you should not think of this library as an SSL
|
|
implemtation, but rather as a library of cryptographic functions
|
|
that also contains SSL. I refer to each of these function groupings as
|
|
libraries since they are often capable of functioning as independant
|
|
libraries
|
|
|
|
First up, the general ciphers and message digests supported by the library.
|
|
|
|
MD2 rfc???, a standard 'by parts' interface to this algorithm.
|
|
MD5 rfc???, the same type of interface as for the MD2 library except a
|
|
different algorithm.
|
|
SHA THe Secure Hash Algorithm. Again the same type of interface as
|
|
MD2/MD5 except the digest is 20 bytes.
|
|
SHA1 The 'revised' version of SHA. Just about identical to SHA except
|
|
for one tweak of an inner loop.
|
|
DES This is my libdes library that has been floating around for the last
|
|
few years. It has been enhanced for no other reason than completeness.
|
|
It now supports ecb, cbc, cfb, ofb, cfb64, ofb64 in normal mode and
|
|
triple DES modes of ecb, cbc, cfb64 and ofb64. cfb64 and ofb64 are
|
|
functional interfaces to the 64 bit modes of cfb and ofb used in
|
|
such a way thay they function as single character interfaces.
|
|
RC4 The RSA Inc. stream cipher.
|
|
RC2 The RSA Inc. block cipher.
|
|
IDEA An implmentation of the IDEA cipher, the library supports ecb, cbc,
|
|
cfb64 and ofb64 modes of operation.
|
|
|
|
Now all the above mentioned ciphers and digests libraries support high
|
|
speed, minimal 'crap in the way' type interfaces. For fastest and
|
|
lowest level access, these routines should be used directly.
|
|
|
|
Now there was also the matter of public key crypto systems. These are
|
|
based on large integer arithmatic.
|
|
|
|
BN This is my large integer library. It supports all the normal
|
|
arithmentic operations. It uses malloc extensivly and as such has
|
|
no limits of the size of the numbers being manipulated. If you
|
|
wish to use 4000 bit RSA moduli, these routines will handle it.
|
|
This library also contains routines to 'generate' prime numbers and
|
|
to test for primality. The RSA and DH libraries sit on top of this
|
|
library. As of this point in time, I don't support SHA, but
|
|
when I do add it, it will just sit on top of the routines contained
|
|
in this library.
|
|
RSA This implements the RSA public key algorithm. It also contains
|
|
routines that will generate a new private/public key pair.
|
|
All the RSA functions conform to the PKCS#1 standard.
|
|
DH This is an implementation of the
|
|
Diffie-Hellman protocol. There are all the require routines for
|
|
the protocol, plus extra routines that can be used to generate a
|
|
strong prime for use with a specified generator. While this last
|
|
routine is not generally required by applications implementing DH,
|
|
It is present for completeness and because I thing it is much
|
|
better to be able to 'generate' your own 'magic' numbers as oposed
|
|
to using numbers suplied by others. I conform to the PKCS#3
|
|
standard where required.
|
|
|
|
You may have noticed the preceeding section mentions the 'generation' of
|
|
prime numbers. Now this requries the use of 'random numbers'.
|
|
|
|
RAND This psuedo-random number library is based on MD5 at it's core
|
|
and a large internal state (2k bytes). Once you have entered enough
|
|
seed data into this random number algorithm I don't feel
|
|
you will ever need to worry about it generating predictable output.
|
|
Due to the way I am writing a portable library, I have left the
|
|
issue of how to get good initial random seed data upto the
|
|
application but I do have support routines for saving and loading a
|
|
persistant random number state for use between program runs.
|
|
|
|
Now to make all these ciphers easier to use, a higher level
|
|
interface was required. In this form, the same function would be used to
|
|
encrypt 'by parts', via any one of the above mentioned ciphers.
|
|
|
|
EVP The Digital EnVeloPe library is quite large. At it's core are
|
|
function to perform encryption and decryption by parts while using
|
|
an initial parameter to specify which of the 17 different ciphers
|
|
or 4 different message digests to use. On top of these are implmented
|
|
the digital signature functions, sign, verify, seal and open.
|
|
Base64 encoding of binary data is also done in this library.
|
|
|
|
PEM rfc???? describe the format for Privacy Enhanced eMail.
|
|
As part of this standard, methods of encoding digital enveloped
|
|
data is an ascii format are defined. As such, I use a form of these
|
|
to encode enveloped data. While at this point in time full support
|
|
for PEM has not been built into the library, a minimal subset of
|
|
the secret key and Base64 encoding is present. These reoutines are
|
|
mostly used to Ascii encode binary data with a 'type' associated
|
|
with it and perhaps details of private key encryption used to
|
|
encrypt the data.
|
|
|
|
PKCS7 This is another Digital Envelope encoding standard which uses ASN.1
|
|
to encode the data. At this point in time, while there are some
|
|
routines to encode and decode this binary format, full support is
|
|
not present.
|
|
|
|
As Mentioned, above, there are several different ways to encode
|
|
data structures.
|
|
|
|
ASN1 This library is more a set of primatives used to encode the packing
|
|
and unpacking of data structures. It is used by the X509
|
|
certificate standard and by the PKCS standards which are used by
|
|
this library. It also contains routines for duplicating and signing
|
|
the structures asocisated with X509.
|
|
|
|
X509 The X509 library contains routines for packing and unpacking,
|
|
verifying and just about every thing else you would want to do with
|
|
X509 certificates.
|
|
|
|
PKCS7 PKCS-7 is a standard for encoding digital envelope data
|
|
structures. At this point in time the routines will load and save
|
|
DER forms of these structees. They need to be re-worked to support
|
|
the BER form which is the normal way PKCS-7 is encoded. If the
|
|
previous 2 sentances don't make much sense, don't worry, this
|
|
library is not used by this version of SSLeay anyway.
|
|
|
|
OBJ ASN.1 uses 'object identifiers' to identify objects. A set of
|
|
functions were requred to translate from ASN.1 to an intenger, to a
|
|
character string. This library provieds these translations
|
|
|
|
Now I mentioned an X509 library. X509 specified a hieachy of certificates
|
|
which needs to be traversed to authenticate particular certificates.
|
|
|
|
METH This library is used to push 'methods' of retrieving certificates
|
|
into the library. There are some supplied 'methods' with SSLeay
|
|
but applications can add new methods if they so desire.
|
|
This library has not been finished and is not being used in this
|
|
version.
|
|
|
|
Now all the above are required for use in the initial point of this project.
|
|
|
|
SSL The SSL protocol. This is a full implmentation of SSL v 2. It
|
|
support both server and client authentication. SSL v 3 support
|
|
will be added when the SSL v 3 specification is released in it's
|
|
final form.
|
|
|
|
Now quite a few of the above mentioned libraries rely on a few 'complex'
|
|
data structures. For each of these I have a library.
|
|
|
|
Lhash This is a hash table library which is used extensivly.
|
|
|
|
STACK An implemetation of a Stack data structure.
|
|
|
|
BUF A simple character array structure that also support a function to
|
|
check that the array is greater that a certain size, if it is not,
|
|
it is realloced so that is it.
|
|
|
|
TXT_DB A simple memory based text file data base. The application can specify
|
|
unique indexes that will be enforced at update time.
|
|
|
|
CONF Most of the programs written for this library require a configuration
|
|
file. Instead of letting programs constantly re-implment this
|
|
subsystem, the CONF library provides a consistant and flexable
|
|
interface to not only configuration files but also environment
|
|
variables.
|
|
|
|
But what about when something goes wrong?
|
|
The one advantage (and perhaps disadvantage) of all of these
|
|
functions being in one library was the ability to implement a
|
|
single error reporting system.
|
|
|
|
ERR This library is used to report errors. The error system records
|
|
library number, function number (in the library) and reason
|
|
number. Multiple errors can be reported so that an 'error' trace
|
|
is created. The errors can be printed in numeric or textual form.
|
|
|