[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
v0.5 SFL Interim Release
J.G. Van Dyke and Associates (VDA) has delivered the fifth interim release
(Version 0.5) of the S/MIME Freeware Library (SFL). It has been
successfully tested with the SunOS 4.1.3 and MS Windows NT/95 operating
systems. The SFL is a freeware implementation of the IETF S/MIME v3 CMS
(June 98) and ESS (September 98) (NOTE: The updated specifications will be
implemented in a later release of the SFL). We have made significant
progress with the testing of the SFL. The v0.5 SFL has been successfully
used to sign, verify, encrypt and decrypt CMS objects using the mandatory
algorithms (DSA, D-H, 3DES) provided by the Crypto++ library and SHA-1
provided by Government-furnished freeware. The v0.5 SFL has also been used
to sign, verify, encrypt and decrypt CMS objects using the RSA suite of
algorithms provided by the RSA BSAFE library. The SFL uses the SNACC ASN.1
Library to encode and decode CMS signedData and envelopedData objects. The
v0.5 SFL release includes: SFL High-level library; SFL Crypto++ Crypto Token
Interface Library (CTIL); BSAFE CTIL; VDA-enhanced GNU SNACC ASN.1 Compiler
and Library; test drivers and test data.
The following enhancements are included in the v0.5 SFL release:
- Added attributes defined in the new SMIME specification such as
SigningCertificate, ContentHints, ContentReference, EquivalentLabels, and
- General ASN.1 definition cleanup based on minor specification changes.
- Started Memory Leak Testing on basic sign/verify, encrypt/decrypt
operations for the COMMON library. All SFL Library and Test code has been
updated to fix all memory leaks for the basic operations. (note: The
following functionality still needs to be memory leak tested: Attributes,
Receipt Processing, RSA, FREE, FORTEZZA CTIL Libraries, Additional Signature
logic, MIME test logic).
- Improvements to the RecipientInfo processing in Encrypt/Decrypt. The
classes are being updated to reflect the shared UKM concept (ongoing effort).
- Improvements to signed receipt processing (ongoing effort).
- Updated SFL test logic to better reflect needs for detailed test cases
that match requirements in CMS document. This includes updating the
reporting capability. The test configuration files were enhanced to provide
more comprehensive control in construction and processing of SFL components
(e.g. Decrypt can now specify which Recipient to decrypt, not just the first
available in the SFL logins).
- Finalized testing of a "compare" function for the SFL verify operation to
compare the decoded results with the actual data used to construct the test
message (as specified in the test config file for construction of the
signedData being verified). This validation function provides an automated
check of basic processing in a repeatable manner for all releases on all
platforms. It checks the content, signing certificates, hash and signature
algorithms, attributes in SignerInfos, etc.
- Enhanced multiple SignerInfo logic.
- Updated draft SFL API document, V0.5, 12 Nov 98.
Although we have made significant progress with the development of the SFL,
this interim release of the SFL is NOT complete. We are still in the process
of developing and testing the SFL. For example, we will be enhancing the
BSAFE CTIL to store the user's private keys in an encrypted form. Further
releases will be provided as significant capabilities are added. The SFL is
being delivered incrementally to provide software as soon as possible to
allow developers to: work with the API; begin integrating the SFL into their
applications; and to provide feedback to the ongoing SFL development
process. The SFL documents and software are still being developed and are
subject to change. The goal for completion of the SFL is February 1999. The
stability of the S/MIME v3 specifications is a prerequisite for meeting this
Future releases will include: incorporate S/MIME specification changes;
support for additional attributes; Fortezza CTIL; additional helper
functions; multiple signerInfos in signed receipts; enhanced test routines;
bug fixes; support for other crypto libraries; and support for other
operating systems. The SFL will be thoroughly tested and all memory leaks
fixed. Robustness testing will be performed. The SFL will be tested for
interoperability with S/MIME v2 and v3 products. Other possible future
enhancements include additional example CTILs supporting other Cryptographic
APIs, such as Open Group's Common Data Security Architecture. We will
continue enhancing utilities to generate certificates to be used as test data.
The IMC has established an SFL web page (http://www.imc.org/imc-sfl) which
includes links to the SFL files stored on the VDA SFL Page
(http://www.jgvandyke.com/services/infosec/sfl.htm) and on the Fortezza
Developer's S/MIME Page
The following SFL files are not export-controlled. They are available at
the Fortezza Developer's S/MIME Page and VDA SFL Page:
1) SFL Documents: SFL Fact Sheet, SFL Software Design Description, SFL
Application Programming Interface, SFL CTI API and SFL Public License.
2) snacc-1.3vda.tar.Z: Compressed tar file containing SNACC ASN.1 Compiler
and Library source code compilable for Unix that has been enhanced by VDA to
implement the Distinguished Encoding Rules. makefiles are included.
3) snaccvc.zip: zip file containing SNACC ASN.1 Compiler and Library source
code that has been enhanced by VDA to implement DER. MS Windows NT/95
project files are included for the SNACC code, MIME++ and Crypto++. Note
that the Crypto++ and MIME++ libraries are not included. See
(http://hunnysoft.com/mimepp/) for these two libraries.
The following SFL files are export controlled and are available at the
Fortezza Developer's S/MIME Page:
1) sfl5Unixtar.Z: Compressed tar file containing all SFL source code
including: SFL Hi-Level source code; VDA-enhanced SNACC-generated ASN.1
source code; SFL Crypto++ CTIL source code; SFL BSAFE CTIL source code;
makefiles. This file also contains test driver source code, sample CMS test
data and test X.509 Certificates. This file also includes test utilities to
create X.509 Certificates that each include a D-H, DSA or RSA public key.
2) smimeR05.zip: Zip file containing all SFL source code including: SFL
Hi-Level source code; VDA-enhanced SNACC-generated ASN.1 source code; SFL
Crypto++ CTIL source code; SFL BSAFE CTIL source code; project files. This
file also contains test driver source code, sample CMS test data and test
X.509 Certificates. This file also includes test utilities to create X.509
Certificates that each include a D-H, DSA or RSA public key. SNACC release
and debug libraries compiled for MS Windows NT/95.
3) csmime.mdl contains SFL Class diagrams created using Microsoft Visual
Modeler (can be viewed using Relation Rose C++ Demo 4.0).
Instructions for applying for an account on the Fortezza Developer's S/MIME
Page are available from that page. An account is required to download the
SFL files from the Fortezza Developer's S/MIME Page due to U.S. export
restrictions. See the U.S. Bureau of Export Administration's Commercial
Encryption Export Controls web site at http://www.bxa.doc.gov/encstart.htm
for more information regarding the U.S. export restrictions.
All source code for the SFL is being provided at no cost and with no
financial limitations regarding its use and distribution. Organizations can
use the SFL without paying any royalties or licensing fees. VDA is
developing the SFL under contract to the U.S. Government. The U.S.
Government is furnishing the SFL software at no cost to the vendor subject
to the conditions of the "SFL Public License" available from the VDA SFL
Page and Fortezza Developer's S/MIME Page.
The SFL is composed of a high-level library that performs generic CMS and
ESS processing independent of the crypto algorithms used to protect a
specific object. The SFL high-level library makes calls to an
algorithm-independent Crypto Token Interface API. The underlying, external
crypto token libraries are not distributed as part of the SFL source code.
The application developer must independently obtain these libraries and then
link them with the SFL. For example, the SFL uses the freeware Crypto++
library to provide 3DES, D-H and DSA. To use the SFL with Crypto++ the
vendor must download the Crypto++ freeware library from the Crypto++ Web
Page and then compile it with the SFL source code.
The SFL software is developed to maximize portability to 32-bit operating
systems. In the future, support may be added for the following operating
systems: Macintosh, HP/UX 9.x/10.x, IBM AIX 3.2, Sun Solaris 2.6 and SCO ODT
The IMC has established an SFL mail list which is used to: distribute
information regarding SFL releases; discuss SFL-related issues; and provide
a means for SFL users to provide feedback, comments, bug reports, etc.
Subscription information for the imc-sfl mailing list is at the IMC web site
All comments regarding the SFL software and documents are welcome. We
recommend that comments should be sent to the imc-sfl mail list. We will
respond to all messages on that list.
John Pawling, jsp@xxxxxxxxxxxxx
J.G. Van Dyke & Associates, Inc.