Homework 1: Programming with OpenSSL

 

Perform the following tasks:

Part I - Encryption API

Download and build OpenSSL package from www.openssl.org

a. Use OpenSSL APIs and create a shared library or DLL that contains the following functions

//
// Encryption using DES
//
// Note:
//   Only a character password is required; the key is generated
//   internally.
//
// Parameters:
//   inputBuffer  - data to encrypt (read-only).
//   inBufLen     - length of inputBuffer; presumably in bytes, confirm.
//   outputBuffer - receives the encrypted data.
//   outBufLen    - presumably receives the number of bytes written;
//                  TODO confirm whether it also carries the capacity of
//                  outputBuffer on entry.
//   password     - password used for the internal key generation.
//
// NOTE(review): the prototype has no separate capacity argument for
//   outputBuffer, so the required size has to be part of the documented
//   contract; otherwise the implementation cannot bound its writes.
// NOTE(review): the function returns void, so a failed encryption cannot
//   be reported through the return value; callers need another signal.
// NOTE(review): single DES has a 56-bit key and is no longer regarded as
//   adequate protection. The declaration does not say how the password is
//   turned into a key (salt, iteration count) or which mode and IV are
//   used; those choices decide the real strength and should be written
//   down next to the implementation.
//
extern void NS_DES_Encrypt(
                        const char* inputBuffer,
                        int inBufLen,
                        char* outputBuffer,
                        int* outBufLen,
                        char* password);

//
// Decryption using DES
//
// Note:
//   Only a character password is required; the key is generated
//   internally.
//
// Parameters:
//   inputBuffer  - data to decrypt (read-only).
//   inBufLen     - length of inputBuffer; presumably in bytes, confirm.
//   outputBuffer - receives the decrypted data.
//   outBufLen    - presumably receives the number of bytes written;
//                  TODO confirm whether it also carries the capacity of
//                  outputBuffer on entry.
//   password     - password used for the internal key generation; it must
//                  match the one used for encryption.
//
// NOTE(review): there is no capacity argument for outputBuffer and no
//   return value, so neither a too-small buffer nor a failed decryption
//   can be signalled through this interface as declared.
// NOTE(review): nothing in the declaration indicates that the ciphertext
//   is authenticated. Without an integrity check, a wrong password or
//   modified input may simply produce garbage output instead of an error;
//   confirm how the implementation handles this.
//
extern void NS_DES_Decrypt (
                        const char* inputBuffer,
                        int inBufLen,
                        char* outputBuffer,
                        int* outBufLen,
                        char* password);

b. Create a test driver program called testdriver.c that tests and ensures the correctness of the functions in a.

 

Part II - Certificate Creation API

a. Use OpenSSL APIs and create a shared library or DLL that contains the following functions

/*
 * One certificate extension entry. Entries are chained through `next`,
 * and cert_information points at a cert_ext through its pCertExt member.
 *
 * All text members are fixed-size arrays whose sizes come from macros
 * defined outside this excerpt. Any code that fills them has to use
 * bounded copies and guarantee NUL termination, in particular when the
 * text originates from a parsed certificate.
 */
typedef struct certificate_extension
{
        /* presumably the extension's OID or NID in text form; confirm */
        char    nid[OID_MAX_SIZE];
        /* presumably a short name for the extension; confirm */
        char    alias[ALIAS_MAX_SIZE];
        /* presumably the extension's value or description; confirm */
        char    description[DESC_MAX_SIZE];
        /* presumably descriptive text for the alias; confirm */
        char    alias_desc[DESC_MAX_SIZE];
        /* next entry in the chain */
        struct certificate_extension*   next;
} cert_ext;

/*
 * Parameters describing a certificate. NS_CreateCert takes this structure
 * as read-only input and NS_ReadCert takes it as a writable argument.
 *
 * The text members are fixed-size arrays whose sizes come from macros
 * defined outside this excerpt; writers must bound their copies and keep
 * the strings NUL-terminated.
 */
typedef struct certificate_information
{
        /* presumably the key size in bits (the name is spelled
         * "bits_stength" and is part of the interface); the implementation
         * should reject sizes that are too small to be useful */
        int     bits_stength;
        /* NOTE(review): confirm whether this holds the human-readable
         * version (3) or the zero-based value that OpenSSL's
         * X509_set_version expects (2 for a v3 certificate) */
        int     x509_version;
        /* certificate serial number. NOTE(review): an int cannot carry the
         * large random serials that current issuance practice expects, and
         * a caller-chosen value makes uniqueness per issuer the caller's
         * responsibility */
        int     serial;
        /* presumably the validity period in days; confirm */
        long    validity_day_length;
        /* subject and issuer names; the text format (e.g. a DN string) is
         * not shown here, confirm against the implementation */
        char    subjectName[SUBJECTNAME_MAX_SIZE];
        char    issuerName[ISSUERNAME_MAX_SIZE];
        /* presumably the text values for the basicConstraints, keyUsage,
         * subjectKeyIdentifier, nsCertType and nsComment extensions.
         * basicConstraints and keyUsage decide whether the certificate may
         * act as a CA, so they deserve validation rather than pass-through */
        char    nid_basic_constraints[NID_BASICCONSTRAINTS_MAX_SIZE];
        char    nid_key_usage[NID_KEY_USAGE_MAX_SIZE];
        char    nid_subject_key_identifier[NID_SUBKEYID_MAX_SIZE];
        char    nid_netscape_cert_type[NID_NS_CERT_TYPE_MAX_SIZE];
        char    nid_netscape_comment[NID_NS_CERT_COMMENT_MAX_SIZE];
        /* head of the chain of additional extensions (may presumably be
         * NULL when there are none; confirm) */
        cert_ext* pCertExt;
} cert_information;

/*
 * Create a certificate from the description in certinfo.
 *
 * certinfo - read-only certificate parameters.
 * cert     - presumably receives the newly created X509 object; confirm.
 * priKey   - presumably receives the newly generated private key; confirm.
 *
 * NOTE(review): the declaration does not say who releases *cert and
 * *priKey (X509_free / EVP_PKEY_free) or what they hold on failure. As the
 * function returns void, callers should initialise both to NULL and check
 * them afterwards.
 */
extern void NS_CreateCert(
                        const cert_information* certinfo,
                        X509** cert,
                        EVP_PKEY** priKey);

/*
 * Print the certificate `cert` to the stream `outfile`.
 * The output format (text dump, PEM, ...) is not visible here; confirm.
 */
extern void NS_PrintCert(
                        X509* cert,
                        FILE* outfile);

/*
 * Presumably reads a certificate from `certfile` and fills `certinfo`
 * from it; confirm against the implementation.
 *
 * NOTE(review): certinfo consists of fixed-size text buffers, while names
 * and extension values in a certificate can be arbitrarily long. The
 * implementation has to truncate or reject oversized values rather than
 * copy them unbounded, and a certificate file should be treated as
 * untrusted input.
 */
extern void NS_ReadCert(
                        cert_information* certinfo,
                        FILE* certfile);

/*
 * Print the private key `priKey` to the stream `outfile`.
 *
 * NOTE(review): if this writes the key unencrypted, the destination file
 * needs restrictive permissions and the output must not end up in logs
 * or shared test artefacts; confirm the output format.
 */
extern void NS_PrintPrivateKey(
                        EVP_PKEY* priKey,
                        FILE* outfile);

b. Create a test driver program called testdriver.c that tests and ensures the correctness of the functions in a.

 

NOTE:

What to hand in:

Helper Info:

Sample Code:

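/*
 * Decrypt inLen bytes of inputData into outData and store the number of
 * bytes produced in *outLen.
 *
 *   value == NULL : Blowfish in OFB mode, keyed with ibKey / ibIV, which
 *                   are defined outside this function.
 *   value != NULL : three-key triple DES in OFB mode, keyed with the
 *                   buffer returned by __generateDESKey(value,
 *                   strlen(value)); no IV is passed.
 *
 * *outLen is reset to 0 before any work is done and is only updated after
 * both the update and the final step have succeeded.
 *
 * NSTEST is defined elsewhere. The `cleanup` label has no other user in
 * this function, which suggests NSTEST jumps there when its condition is
 * false -- confirm. The init calls and the key generation are checked with
 * the same macro as the update/final calls so that a failed setup is not
 * silently followed by decryption with an unusable context or a NULL key.
 *
 * NOTE(review): the function returns NS_SUCCESS on every path, including
 *   the cleanup path after a failed check. Unless NSTEST records the
 *   failure somewhere else, callers can only detect an error through
 *   *outLen == 0. Return the module's failure code here once confirmed.
 * NOTE(review): passing NULL as the IV leaves the IV at whatever the
 *   freshly initialised context holds, i.e. effectively a fixed IV. In OFB
 *   mode a fixed key/IV pair yields the same keystream for every message,
 *   so the matching encrypt routine should generate a fresh random IV per
 *   message and transport it with the ciphertext.
 * NOTE(review): if ibKey / ibIV are compile-time constants, the NULL
 *   branch offers obfuscation rather than confidentiality, because anyone
 *   with the binary has the key.
 * NOTE(review): OFB provides no integrity protection; modified ciphertext
 *   decrypts without error. Add a MAC or use an authenticated mode if the
 *   data can be tampered with.
 * NOTE(review): desKey is released without being wiped first, unless FREE
 *   does that itself; key material should be cleared before it is freed.
 * NOTE(review): outData has no capacity argument; callers must provide at
 *   least inLen bytes (the safe general bound for EVP_DecryptUpdate is
 *   inLen plus one cipher block).
 */
static ns_return_code  __decrypt (const char* inputData, int inLen, char* outData, int* outLen, unsigned char* value)
{
	int updateLen = 0;
	int finalLen = 0;
	unsigned char* desKey = NULL;
	EVP_CIPHER_CTX ctx;

	*outLen = 0;
	EVP_CIPHER_CTX_init (&ctx);

	if (value == NULL)
	{
		NSTEST(EVP_DecryptInit (&ctx, EVP_bf_ofb (), ibKey, ibIV) == 1, "decrypt init");
	}
	else
	{
		/* value is treated as a NUL-terminated string; the cast only
		 * matches strlen's parameter type. */
		desKey = __generateDESKey(value, strlen((const char*) value));
		NSTEST(desKey != NULL, "generate DES key");
		NSTEST(EVP_DecryptInit (&ctx, EVP_des_ede3_ofb (), desKey, NULL) == 1, "decrypt init");
	}

	/* The EVP interface works on unsigned char buffers; the casts make the
	 * conversion from the char-based interface explicit. */
	NSTEST(EVP_DecryptUpdate (&ctx, (unsigned char*) outData, &updateLen,
				  (const unsigned char*) inputData, inLen) == 1, "decrypt update");

	NSTEST(EVP_DecryptFinal (&ctx, (unsigned char*) outData + updateLen, &finalLen) == 1, "decrypt final");
	*outLen = updateLen + finalLen;

cleanup:
	EVP_CIPHER_CTX_cleanup (&ctx);
	FREE(desKey);
	return NS_SUCCESS;
}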