[openssl-users] Looking for beta testers for libsuola
Nicola
nic.tuv at gmail.com
Thu Apr 19 17:46:39 UTC 2018
Hey Folks,
we just released a project that we hope is going to help
researchers, developers, and ease the life of distro maintainers,
and of everyone working on making the Internet more secure through
OpenSSL, ultimately benefit all the users.
The project is called [libsuola](https://github.com/romen/libsuola)
and demonstrates how to use OpenSSL ENGINEs to provide
new/alternative cryptographic software implementations to OpenSSL
and, transparently, to existing applications linked against it.
The ultimate goal of our project is to provide users the freedom of
injecting alternative implementations or missing functionality in
OpenSSL, at runtime and transparently to existing applications.
The motivation for our project is illustrated in details in
[this paper][0], but just to mention some examples of what kind of
things libsuola could do in practice for users, I'll mention adding
support for X25519 or Ed25519 primitives for applications linked
against OpenSSL 1.0.2, or add Ed25519 to applications linked against
OpenSSL 1.1.0.
Moreover one can choose which implementation to use, selecting as a
backend provider:
- [libsodium][1], which historically has a better record when it
comes to side-channel attack countermeasures and would also provide a
nice speed bump in performance; or
- [HACL*][2], a formally verified fork of libsodium, coming with
strong mathematical assurance about functional correctness, memory
safety, and its side-channel attack countermeasures.
(For benchmarking geeks, numerophiles and everyone else interested,
nice and extensive tables collecting the timings we measured for
each operation, under different providers and on different
architectures are included in the paper!
Also, more details about a third kind of provider which statically
links crypto funcitonality internally rather than relying on an
external library.)
The other goal of the project is to propose a methodology for
researchers working on software implementations, to test and benchmark
their results in real-world scenarios and deliver them to a wider
audience.
Of course to achieve grand goals we need participation from the
community, so we are looking for beta testers to test the limits of
our project, gather ideas on how to extend it, spot its shortcomings
and get it under deeper scrutiny.
So please, if what you read felt at least mildly interesting, go to
https://github.com/romen/libsuola and check it out!
Our development and testing has so far been limited to Linux-based
environments and x64 / arm / arm64, but we welcome testers for other
architectures, and PRs for other dev chains.
TL;DR: Help us test a new way of adding functionality to your existing
OpenSSL-based applications. https://github.com/romen/libsuola
Thanks,
Nicola Tuveri
D.Sc. Student
NISEC group
Laboratory of Pervasive Computing
Tampere University of Technology, FINLAND
[0]: https://eprint.iacr.org/2018/354.pdf
[1]: https://github.com/jedisct1/libsodium
[2]: https://github.com/mitls/hacl-star
More information about the openssl-users
mailing list