Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Marcin Krzyżanowski | CryptoSwift: Crypto You C...

Marcin Krzyżanowski | CryptoSwift: Crypto You Can Do

Presented at www.swiftsummit.com

Swift Summit

March 22, 2015
Tweet

More Decks by Swift Summit

Other Decks in Programming

Transcript

  1. CommonCrypto • The C library • Part of the system

    (iOS and OS X) • Can be used with Swift (thanks to C interoperability)
  2. CommonCrypto • The C library • Part of the system

    (iOS and OS X) • Can be used with Swift (thanks to C interoperability) ‣ Unsafe pointers
  3. CommonCrypto • The C library • Part of the system

    (iOS and OS X) • Can be used with Swift (thanks to C interoperability) ‣ Unsafe pointers • Sources available at opensource.apple.com
  4. CommonCrypto CCCrypt( UInt32(kCCEncrypt), UInt32(kCCAlgorithmAES128), UInt32(kCCOptionPKCS7Padding), keyBytes, // UnsafePointer<Void>(keyData.bytes) key.count, ivBytes,

    // UnsafePointer<Void>(ivData.bytes) dataBytes, // UnsafePointer<Void>(data.bytes) dataLength, cryptPointer, // UnsafeMutablePointer<Void>(cryptData!.mutableBytes) cryptLength, &numBytesEncrypted )
  5. CryptoSwift • Swift framework • iOS and OS X •

    Pure Swift implementation • Constantly improved
  6. A cryptographic hash function allows one to easily verify that

    some input data matches a stored hash value, but makes it hard to construct any data that would hash to the same value or find any two unique data pieces that hash to the same value. CryptoSwift - hash
  7. CryptoSwift - hash • MD5, SHA1, SHA2, CRC32 import CryptoSwift

    "SwiftSummit".md5() "SwiftSummit".sha1() "SwiftSummit".sha512() "SwiftSummit".crc32()
  8. “In cryptography, a cipher (or cypher) is an algorithm for

    performing encryption or decryption—a series of well-defined steps that can be followed as a procedure.” CryptoSwift - ciphers
  9. CryptoSwift - ciphers • AES • The Advanced Encryption Standard,

    the symmetric block cipher ratified as a standard by National Institute of Standards and Technology of the United States (NIST) • Hardware acceleration (not for Swift) ‣ Advanced Encryption Standard Instruction Set (AES-NI)
  10. import CryptoSwift let key = "1234567890123456" // key let iv

    = "1234567890123456" // random if let aes = AES(key: key, iv: iv, blockMode: .CBC) { if let encrypted = aes.encrypt([1,2], padding: PKCS7()) { let data = NSData.withBytes(encrypted) } } CryptoSwift - ciphers
  11. CryptoSwift - ciphers • ChaCha20 ‣ The stream cipher by

    J. Bernstein, built on a pseudorandom function based on add-rotate-xor operations ‣ Adopted by Apple with HomeKit, by Google with Chrome. ‣ Lack of official support in OpenSSL. Patches are waiting to be merged.
  12. import CryptoSwift let key = "1234567890123456" // key let iv

    = "1234567890123456" // random if let chacha = ChaCha20(key: key, iv: iv) { if let encrypted = chacha.encrypt([1,2]) { let data = NSData.withBytes(encrypted) } } CryptoSwift - ciphers
  13. enum Cipher { case ChaCha20(key: [UInt8], iv: [UInt8]) case AES(key:

    [UInt8], iv: [UInt8], blockMode: CipherBlockMode) func encrypt(bytes: [UInt8]) -> [UInt8]? func decrypt(bytes: [UInt8]) -> [UInt8]? static func randomIV(blockSize: Int) -> [UInt8] } CryptoSwift - ciphers
  14. The block cipher operation is an algorithm that uses a

    block cipher to encrypt a large message CryptoSwift - block mode
  15. • Electronic CodeBook ECB - Don’t use! ‣ Sequence of

    encrypted blocks, every block with the same key. CryptoSwift - block mode
  16. CryptoSwift - block mode • Cipher-block Chaining CBC ‣ Sequence

    of encrypted blocks, every following block uses encrypted data as a key to the cipher. decryption is parallelizable
  17. CryptoSwift - block mode • Cipher Feedback CFB ‣ Sequence

    of encrypted blocks, every following block uses encrypted data as a key to the cipher decryption is parallelizable
  18. Block Mode NONCE? used only once - IV The IV

    provides semantic security identical messages have different ciphertexts
  19. Authenticators The message authentication code is a short piece of

    information used to authenticate a message and to provide integrity and authenticity assurances on the message
  20. CryptoSwift - authenticators • Poly1305 - a one-time authenticator ‣

    takes a 32-byte one-time key and a message and produces the 16-byte tag.
  21. CryptoSwift - authenticators • Poly1305 - a one-time authenticator ‣

    takes a 32-byte one-time key and a message and produces the 16-byte tag. • HMAC - Keyed-Hashing for Message Authentication ‣ takes a key and message and produces a tag with one of the hash functions (MD5, SHA)
  22. CryptoSwift enum Authenticator { case Poly1305(key: [UInt8]) case HMAC(key: [UInt8],

    variant: HMAC.Variant) func authenticate(message: [UInt8]) -> [UInt8]? }
  23. CryptoSwift extension NSData { … } extension String { …

    } “message”.md5() “message”.sha512() “plaintext”.encrypt(Cipher.AES(…))
  24. Performance • CryptoSwift implementation is significantly slower than CommonCrypto •

    It’s better with the new version of Swift • NSMutableData is slow • memory allocation is slow if the “unsafe pointer” is not used. • Array enumeration is significantly visible.