
Maintaining cryptographic library for 12 languages

vixentael
November 07, 2019

Maintaining a cross-platform cryptographic library is a journey full of unexpected bugs, language-specific hacks, difficult decisions and an endless struggle to make developer-facing APIs easy-to-use and hard-to-misuse.

https://github.com/cossacklabs/themis

This talk is useful for people who believe that the perfect crypto lib is a C lib with a 1-page readme :)

—————————————-

As developers, what do we want from using cryptographic tools? They should be easy to use and hard to misuse, cover complete use-cases instead of providing crypto-primitives, support language-specific style, work in the same way on numerous platforms and languages. Basically, we want less stress and more work done.

But is it so easy to maintain a cross-platform crypto library? How to simplify complex crypto concepts into simple "encrypt(msg, key)" and "decrypt(data, key)" functions? How to provide a unified API for 11 languages, when some of them are strongly typed and another one is JavaScript? Secure by default: what design choices should be made to protect from misuse. Multi-platformness: how to make sure that a message encrypted using Ruby on x64 Ubuntu 18.04 will be [successfully] decrypted on iOS 12 on an iPhone armv7s? Testing wildness: static analyzers, fuzzing, unit tests, integration tests. Docs: developers copy-paste from the readme anyway, so how to make sure that they copy-paste the correct things.

I'll describe the 4 years of experience of maintaining the multi-platform open source library Themis: from API design to language-specific hacks.

Bonus questions:
- what maintainers completely forget about: the biggest fail reason for users.
- what is faster in Go: calling OpenSSL via c-Go interop or using native Go crypto primitives?
- how to deal with multi-platformness, if BoringSSL for iOS doesn't support AES XTS?
- epic bug with iOS-Android compatibility, which appears to be a sad story about `size_t`.
- switching cryptographic backends for fun and profit: switching between BoringSSL, OpenSSL, LibreSSL, ~libsodium and CommonCrypto~, and governmental crypto standards of some countries, leaving the same high-level API.

Key takeaways:
- cryptography is easy, but "secure by default" APIs are hard;
- never agree to support multi-platform libs;
- each language has unique hacks and typical mistakes, deal with it.


Transcript

  1. @vixentael Head of customer solutions, security software engineer. Focused on

    data security, applied crypto and building e2ee schemes. vixentael.dev
  2. cossacklabs.com/products Data security tools & solutions We make software to

    get data security right – from open-source and proprietary cryptographic tools to custom solutions and consulting. We are cryptographers, security engineers, system engineers, infrastructure engineers. @vixentael
  3. Working with companies that care about data security Critical infrastructure,

    healthcare, payment processors, ML/AI, popular apps — where data security is a hard requirement.
  4. github.com/cossacklabs/themis same API across 14 platforms boring crypto hidden crypto-details

    recommended by OWASP tons of docs works on millions of devices Themis – the crypto lib 7yo, supported by a team @vixentael
  5. Where Themis is used? mobile apps other libraries chats web-first apps

    Cossack Labs software critical infra fintech docs.cossacklabs.com/themis/community/projects-that-use-themis/ AI/ML apps @vixentael
  6. I want to store data securely I want to send

    data securely I want to verify data integrity Solve security use-cases @vixentael
  7. ephemeral keys built in key gen built in KDF AES

    GCM / AES CTR ECDH + ECC + AES ECC + ECDSA / RSA + PSS + PKCS#7 SecureMessage SecureCell SecureComparator OTR SMP + ECC ZKP github.com/cossacklabs/themis Themis: cryptosystems store encrypted encrypt for someone encrypt session communication authenticate SecureSession @vixentael
  8. Themis OpenSSL BoringSSL LibreSSL BearSSL DSTU libsodium native GoCrypto crypto-backends

    Soter Themis Themis Core iOS Android Java python ruby WASM language wrappers Go rust js PHP C++ stable experimental @vixentael
  9. Themis Core (server & desktop OS) Ubuntu 20.04 x64 Debian

    11 x64 Ubuntu 18.04 x64 CentOS 8 x64 Debian 10 x64 Debian 9 x64 macOS 11.5 macOS 10.15 macOS 10.14 Windows Ubuntu 16.04 x64 CentOS 7 x64 Ubuntu 16.04 x32 Debian 9 x32 @vixentael
  10. Themis OSs Ubuntu 20.04 x64 Debian 11 x64 Ubuntu 18.04

    x64 CentOS 7 x64 Ubuntu 16.04 x64 Debian 10 x64 Debian 9 x64 CentOS 8 x64 macOS 11.5 macOS 10.15 macOS 10.16 Windows iOS 10 - iOS 15 Android API 23 - 30 @vixentael
  11. make make test sudo make install Easy to use no one

    cares about your lib if they can’t install it using their fav package manager @vixentael
  12. Themis Core: install Ubuntu Debian CentOS / RHEL macOS Windows

    apt-get install libthemis-dev apt-get install libthemis-dev yum install libthemis-devel brew install libthemis make nsis_installer @vixentael
  13. Package managers npm install jsthemis pip install pythemis pip3 install

    pythemis gem install rbthemis mavenCentral() implementation 'com.cossacklabs.com:themis:0.13.11' npm install wasm-themis [dependencies] themis = "0.13.12" go get github.com/cossacklabs/themis/gothemis/... pod themis pod install github "cossacklabs/themis" carthage update @vixentael
  14. iOS specifics OpenSSL Soter Themis Themis iOS BoringSSL

    C lang ObjC ObjC app Swift app ObjC <> Swift interoperability CocoaPods Carthage SPM package managers Xcode/Swift update iOS update device update package manager update Open/BoringSSL update @vixentael
  15. Android specifics Soter Themis Themis Java BoringSSL C

    lang Java <> C Java app Kotlin app Java <> Kotlin interoperability Themis jni @vixentael
  16. Android specifics Soter Themis Themis Java BoringSSL C

    lang Java <> C Java app Kotlin app Java <> Kotlin interoperability Themis jni complicated to debug complicated to build @vixentael
  17. BoringSSL github.com/cossacklabs/themis/pull/352 CMake Error at /home/user/android-sdk/ndk-bundle/build/cmake/android.toolchain.cmake:169 (message): GCC is

    no longer supported. See https://android.googlesource.com/platform/ndk/+/master/docs/ClangMigration.md. @vixentael
  18. BoringSSL github.com/cossacklabs/themis/pull/352 CMake Error at /home/user/android-sdk/ndk-bundle/build/cmake/android.toolchain.cmake:169 (message): GCC is

    no longer supported. See https://android.googlesource.com/platform/ndk/+/master/docs/ClangMigration.md. gcc -> clang @vixentael
  19. Multi-platform is hard BoringSSL is used in iOS libs by

    Google (Firebase) Themis iOS BoringSSL @vixentael
  20. Multi-platform is hard BoringSSL is used in iOS libs by

    Google (Firebase) Themis iOS BoringSSL no AES XTS in BoringSSL iOS CocoaPod 😱 😱 😱 😱 😱 😱 @vixentael
  21. Multi-platform is hard #define SOTER_BORINGSSL_DISABLE_XTS BoringSSL is used in iOS

    libs by Google (Firebase) Themis iOS BoringSSL no AES XTS in BoringSSL iOS CocoaPod @vixentael
  22. — crypto that simply works, solidly resists attacks, never needs

    any upgrades. https://cr.yp.to/talks/2015.10.05/slides-djb-20151005-a4.pdf Daniel J. Bernstein Boring crypto @vixentael
  23. "Don’t give users options, because they will mess it up.

    Just tell them what to do.” dev.to/cossacklabs/schneier-on-cryptography-live-interview-4mi7 Bruce Schneier No options @vixentael
  24. should be random should use KDF(key) uses AES CBC, not

    AES GCM padding? salt? 😬 Easy to make mistakes @vixentael
  25. hides cryptographic details: salt, IV, KDF, padding uses AES-256-GCM github.com/cossacklabs/themis

    generates strong encryption key Themis: hard to make mistakes @vixentael
  26. hides cryptographic details: salt, IV, KDF, padding uses AES-256-GCM github.com/cossacklabs/themis

    Themis: built-in KDF uses KDF to transform passphrase into key: @vixentael
  27. Testing fuzzing memory, sanitizers, SAST integration tests unit tests per

    each language, crypto: NIST-specified for PRNG & AES per OS, per language clang, Valgrind, Splint, Cppcheck backwards compatibility tests AFL between versions @vixentael
  28. CI & autotests integrated with GitHub unit tests, memory iOS,

    Android, macOS examples and tests everything cross-platform tests GitHub actions: everything @vixentael
  29. Security testing cryptocoding internal review external audits tests github.com/veorq/cryptocoding zeroing,

    minimization, memory, constant time checks, etc cossacklabs.com/blog/macros-in-crypto-c-code.html @vixentael
  30. 4. Use case specific apps “your app works,

    but my app doesn’t” @vixentael
  31. One readme is not enough 1. Language-specific docs

    2. “Safe to copypaste” code snippets 3. Example applications 4. Tutorials and use case specific apps 5. Codeless simulators @vixentael
  32. 1. Encryption lib should be: multi-platform, maintained, secure by default,

    open sourced, easy to install, hard to misuse, tested. 2. Supporting libs is VERY complicated. 3. Better to spend time on features than the crypto code. Key points @vixentael