Upgrade to Pro — share decks privately, control downloads, hide ads and more …

State of Crypto in Python

State of Crypto in Python

Python has a complex past with cryptography. There are half a dozen major frameworks built on at least three separate C implementations, each with their own strengths and weaknesses and in various states of maintenance.

In our development of an open source key management system for OpenStack (Barbican), our team has spent some time investigating the major options including OpenSSL, libnss, nacl and pycrypto on the C side and PyOpenSSL, Pycrypto, python-nss and m2crypto on the Python side.

In our research, we noted several challenges with the current crop of libraries including audit state, support for PyPy, maintenance status, etc. In response to this, a group of Python aficionados with more time than sense have begun development of Cryptography (https://github.com/pyca/cryptography). Cryptography is a modern Python crypto library capable of utilizing multiple C backends based on CFFI, thus enabling PyPy use. We will cover the current state of the library, it’s goals and design decisions.

Jarret Raim

July 24, 2014
Tweet

More Decks by Jarret Raim

Other Decks in Technology

Transcript

  1. HowDidWeGetHere At Rackspace we work on an OpenStack, key management

    product named Barbican. We needed to use crypto. Cue the 80s working montage
  2. WHyc? All major cryptographic libraries are currently implemented in a

    low level language, mostly C or C++. Reviewed Code Several C libraries have been sponsored through the review process for professional crypto review including various compliances that some customers care about. Future possibilities There are some exciting options for future work in the crypto space with languages like Rust / Go. Unfortunately, these aren’t usable from Python right now. Timing / Memory Attacks These attacks relate to exploiting timing differentials or securely wiping memory. They are difficult or impossible to remediate without the low level control exposed by C. Existing Code Writing good crypto code is hard. Most existing libraries have a long history including significant bug-fixing / research.
  3. StateofC OSS X-Platform Maintained Ubiquitous Std. Algorithms FIPS OpenSSL NSS

    NaCl Botan CommonCrypto MS CSP Libgcrypt LibreSSL
  4. StateOfPython Backend Maintained Python Support Reviewed Completeness m2crypto openssl recently

    active pypy with patch, no py3 no openssl swig pycrypto bespoke* yes no pypy no no AEAD (without alpha) pyopenssl openssl* yes yes (with crypto) no Thin openssl bindings python-nss NSS low unknown no exposes some of NSS botan botan yes py3, maybe pypy no exposes most of botan Most of these libraries require / assume the user understands how to use the underlying C library correctly.
  5. a new crypto library for Python •  Support for PyPy

    and Python 3 •  Large, active team •  Encourages use of strong, secure algorithms •  “Cryptography for humans”, APIs •  Support for modern algorithms such as AES- GCM and HKDF •  Improved debug-ability and testability •  Sane, secure API design (where possible) cryptography Grandiose Vision: A cryptographic standard library for Python.
  6. Python Cryptographic Authority •  PyNaCl – Python bindings for the

    NaCL library •  cryptography – Python library to expose cryptographic constructs •  service_identity – Service identity (hostname verification) for PyOpenSSL. •  PyOpenSSL – Python bindings for OpenSSL •  bcrypt – Python wrapper for bcrypt library •  ed25519 – Pure Python implementation of one elliptic curve signature scheme Logo courtesy of GitHub’s auto- generation. PYCA
  7. Backends OpenSSL Our primary (and only guaranteed) backend. We don’t

    currently package OpenSSL to allow for flexibility for package maintainers. Common Crypto Available on OS X and iOS, this is the preferred backend on OS X. Apple has decided not to ship newer version of OpenSSL, leaving developers with a old version lacking modern algorithms. Cryptography is designed around the concept of backends. Each backend implements a set of defined interfaces. This allows us to implement a backend for each C library and exchange them transparently. MULTIBACKEND This meta-backend allows composition and prioritization of multiple backends. This creates a superset of operations in Python, isolating the developer from variations in C libraries. Moar! Any C backend can be included. We have spoken with many of the C library maintainers about writing a backend for cryptography.
  8. Tests per run Testify 73,813 575+ Million tests per week

    78 Runs per build 5,757,414 Tests per build 15 Builds per day 45 Documentation runs per day
  9. Alex Gaynor (Alex_gaynor) Paul Kehrer (reaperhulk) David Reid (dreid) Alex

    Stapleton (alexs) ourPeople 5+ Commit Club aryx, skeuomorf, lvh, dstufft, cyli, exarkun, hynek, ashfall, juliankrause, wallrj, lvoz, phibos, chrisglass + 22 more contributors
  10. currentSupport Symmetric Currently support a variety of common ciphers such

    as AES, Camellia, 3DES, CAST5, etc. Most non-patent encumbered block cipher modes are also supported. hashing Support for common hashing algorithm like SHA1 / SHA2, RIPEMD160, Whirlpool and MD5, including HMAC support for all supported hashes. Support for KDFs and TOTP. Asymmetric Support Supports RSA, DSA and elliptic curve for signing, verification, encryption and decryption (for RSA). PKCS #1 and #8 key loading done now. fernet A high level recipe designed to provide easy to use authenticated encryption. Tl;dr Authenticated Encryption at rest, Public key signatures & encryption, Hashing, HMAC, Key derivation, two-factor (OTP)
  11. DownstreamConsumers PyOpenssl Current based on cryptography. Pure python package, gained

    support for PyPy and Py3 Pycrypto Currently in prototype / investigation phase. Paramiko Work in progress PR for rebasing. Conch Interest expressed in switching. Someone interested in writing a patch? 0 50000 100000 150000 200000 250000 300000 350000 400000 450000 0.1 0.2 0.3 0.4 0.5 Cryptography PyPI download counts
  12. DualLicensing Project Licensing Cryptography is licensed using Apache 2 and

    two-clause BSD (in-progress). Backend Licensing Set by the backend author, can accommodate any license structure. •  Van Lindberg •  Chairman of the Python Software Foundation •  Wrote “Intellectual Property and Open Source” •  Rackspace IP Head Honcho if you don’t like it, blame van
  13. LetsReview Algorithm support Open Source MAINTAINED & Tested Python Support

    Multi-Backend & Openssl Apache 2 & BSD 575+ Million Tests 40+ contributors 2.6, 2.7, 3.2, 3.3, 3.4, & pypy
  14. FutureWork X509 Support for parsing all extension and object types

    defined in RFC3280 and RFC5280. TLS TLS 1.2 support, modern cipher suites, stripe open source grant winner working on TLS for cryptography. Less Common Primitives Chacha20, Salsa20, non-NIST elliptic curves. Multiple backend support Allows for backends to live in separate packages and be used by cryptography at runtime. Github github.com/pyca/cryptography Website cryptography.io Install pip install cryptography