Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Maintaining cryptographic library for 12 languages

vixentael
November 07, 2019
Programming
1
4k

Maintaining cryptographic library for 12 languages

Maintaining cross-platform cryptographic library is a journey full of unexpected bugs, language-specific hacks, difficult decisions and endless struggle to make developer-facing APIs easy-to-use and hard-to-misuse.

https://github.com/cossacklabs/themis

This talk is useful for ppl that believe that perfect crypto lib is a C lib with 1-page readme :)

—————————————-

As developers, what do we want from using cryptographic tools? They should be easy to use and hard to misuse, cover complete use-cases instead of providing crypto-primitives, support language-specific style, work in the same way on numerous platforms and languages. Basically, we want less stress and more work done.

But is it so easy to maintain cross-platform crypto library? How to simplify complex crypto concepts into simple "encrypt(msg, key)" and "decrypt(data, key)" functions? How to provide unified API for 11 languages, when some of them are strongly-typed and another one is javascript? Secure by default: what design choices should be made to protect from misuse. Multi-platformness: how to make sure that message encrypted using Ruby on x64 Ubuntu 18.04 will be [successfully] decrypted on iOS12 on iPhone armv7s? Testing wildness: static analyzers, fuzzing, unit tests, integration tests. Docs: developers copy-paste from readme anyway, how to make sure that they copy-paste correct things.

I'll describe the 4yrs experience on maintaining multi-platform open source library Themis: from API design to language-specific hacks.

Bonus questions:
- what maintainers completely forget about: the biggest fail reason for users.
- what is faster in Go: calling OpenSSL via c-Go interop or using native Go crypto primitives?
- how to deal with multi-platformness, if BoringSSL for iOS doesn't support AES XTS?
- epic bug with iOS-Android compatibility, which appears to be a sad story about `size_t`.
- switching cryptographic backends for fun and profit: switching between BoringSSL, OpenSSL, LibreSSL, ~libsodium and CommonCrypto~, and governmental crypto standards of some countries, leaving same high-level API.

Key takeaways:
- cryptography is easy, but "secure by default" APIs are hard;
- never agree to support multi-platform libs;
- each language has unique hacks and typical mistakes, deal with it.

vixentael

November 07, 2019
Tweet

More Decks by vixentael

See All by vixentael
Using YubiKey and FIDO U2F for secure authentication
vixentael
0
1.8k
Data is a new security boundary
vixentael
0
6.2k
Cryptographic protection of ML models
vixentael
0
2.9k
e2ee != security != privacy
vixentael
0
2.2k
10 lines of encryption, 1500 lines of key management
vixentael
2
1.7k
Security, privacy and cryptography at WWDC19
vixentael
1
730
Data encryption: CyberKids edition
vixentael
0
650
"Defense in depth": trench warfare principles for building secure distributed applications
vixentael
3
920
Workshop: Secure Software Development: From Rookie to Hardcore in 90 Minutes
vixentael
1
1.1k

Other Decks in Programming

See All in Programming
「今のプロジェクトいろいろ大変なんですよ、app/services とかもあって……」/After Kaigi on Rails 2024 LT Night
junk0612
5
2.2k
CSC509 Lecture 12
javiergs
PRO
0
160
ふかぼれ!CSSセレクターモジュール / Fukabore! CSS Selectors Module
petamoriken
0
150
距離関数を極める! / SESSIONS 2024
gam0022
0
290
[Do iOS '24] Ship your app on a Friday...and enjoy your weekend!
polpielladev
0
110
RubyLSPのマルチバイト文字対応
notfounds
0
120
見せてあげますよ、「本物のLaravel批判」ってやつを。
77web
7
7.8k
macOS でできる リアルタイム動画像処理
biacco42
9
2.4k
subpath importsで始めるモック生活
10tera
0
320
3rd party scriptでもReactを使いたい! Preact + Reactのハイブリッド開発
righttouch
PRO
1
610
みんなでプロポーザルを書いてみた
yuriko1211
0
280
レガシーシステムにどう立ち向かうか 複雑さと理想と現実/vs-legacy
suzukihoge
14
2.3k

Featured

See All Featured
Being A Developer After 40
akosma
87
590k
Facilitating Awesome Meetings
lara
50
6.1k
Navigating Team Friction
lara
183
14k
The World Runs on Bad Software
bkeepers
PRO
65
11k
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
356
29k
Code Review Best Practice
trishagee
64
17k
What’s in a name? Adding method to the madness
productmarketing
PRO
22
3.1k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
28
2k
Statistics for Hackers
jakevdp
796
220k
How To Stay Up To Date on Web Technology
chriscoyier
788
250k
Fireside Chat
paigeccino
34
3k
Side Projects
sachag
452
42k

Transcript

  1. Maintaining cryptographic library for 12 languages @vixentael

  2. Maintaining cryptographic library for 12 languages 14 @vixentael

  3. @vixentael Head of customer solutions, security software engineer. Focused on

    data security, applied crypto and building e2ee schemes. vixentael.dev

  4. cossacklabs.com/products Data security tools & solutions We make software to

    get data security right – from open-source and proprietary cryptographic tools to custom solutions and consulting. We are cryptographers, security engineers, system engineers, infrastructure engineers. @vixentael

  5. Working with companies that care about data security Critical infrastructure,

    healthcare, payment processors, ML/AI, popular apps — where data security is a hard requirement.

  6. USABLE

  7. Cryptographic Failures – #2 OWASP Top10 2021 @vixentael owasp.org/Top10/

  8. github.com/cossacklabs/themis same API across 14 platforms boring crypto hidden crypto-details

    recommended by OWASP tons of docs works on millions of devices Themis – the crypto lib 7yo, supported by a team @vixentael

  9. Where Themis is used? mobile apps other libraries chats web-

    fi rst apps Cossack Labs software critical infra fi ntech docs.cossacklabs.com/themis/community/projects-that-use-themis/ AI/ML apps @vixentael

  10. End-to-end encryption in Bear blog.bear.app/ cossacklabs.com/case-studies/bear/ @vixentael

  11. ML models encryption in AI/ML app cossacklabs.com/case-studies/ai-ml-ip-protection/ @vixentael

  12. I want to store data securely I want to send

    data securely I want to verify data integrity Solve security use-cases @vixentael

  13. ephemeral keys built in key gen built in KDF AES

    GCM / AES CTR ECDH + ECC + AES ECC + ECDSA / RSA + PSS + PKCS#7 SecureMessage SecureCell SecureComparator OTR SMP + ECC ZKP github.com/cossacklabs/themis Themis: cryptosystems store encrypted encrypt for someone encrypt session communication authenticate SecureSession @vixentael

  14. Themis OpenSSL BoringSSL LibreSSL BearSSL DSTU libsodium native GoCrypto crypto-backends

    Soter Themis Themis Core iOS Android Java python ruby WASM language wrappers Go rust js PHP C++ stable experimental @vixentael

  15. Themis Core (server & desktop OS) Ubuntu Debian CentOS /

    RHEL macOS Windows @vixentael

  16. Themis Core (server & desktop OS) Ubuntu 20.04 x64 Debian

    11 x64 Ubuntu 18.04 x64 CentOS 8 x64 Debian 10 x64 Debian 9 x64 macOS 11.5 macOS 10.15 macOS 10.14 Windows Ubuntu 16.04 x64 CentOS 7 x64 Ubuntu 16.04 x32 Debian 9 x32 @vixentael

  17. Themis OSs Ubuntu 20.04 x64 Debian 11 x64 Ubuntu 18.04

    x64 CentOS 7 x64 Ubuntu 16.04 x64 Debian 10 x64 Debian 9 x64 CentOS 8 x64 macOS 11.5 macOS 10.15 macOS 10.16 Windows iOS 10 - iOS 15 Android API 23 - 30 @vixentael

  18. easy to use or hard to misuse? Cryptographic tools should

    be

  19. make make test sudo make install Easy to use @vixentael

  20. make make test sudo make install Easy to use noone

    cares about your lib if they can’t install it using their fav package manager @vixentael

  21. Themis Core: install Ubuntu Debian CentOS / RHEL macOS Windows

    apt-get install libthemis-dev apt-get install libthemis-dev yum install libthemis-devel brew install libthemis make nsis_installer @vixentael

  22. Package managers npm install jsthemis pip install pythemis pip3 install

    pythemis gem install rbthemis mavenCentral() implementation ‘com.cossacklabs.com:themis:0.13.11’ npm install wasm-themis [dependencies] themis = “0.13.12” go get github.com/cossacklabs/themis/gothemis/... pod themis pod install github “cossacklabs/themis" carthage update @vixentael

  23. iOS speci fi cs OpenSSL Soter Themis Themis iOS BoringSSL

    C lang ObjC ObjC app Swift app ObjC <> Swift interoperability CocoaPods Carthage SPM package managers Xcode/Swift update iOS update device update package manager update Open/BoringSSL update @vixentael

  24. iOS speci fi cs @vixentael

  25. None

  26. Android speci fi cs Soter Themis Themis Java BoringSSL C

    lang Java <> C Java app Kotlin app Java <> Kotlin interoperability Themis jni @vixentael

  27. Android speci fi cs Soter Themis Themis Java BoringSSL C

    lang Java <> C Java app Kotlin app Java <> Kotlin interoperability Themis jni complicated to debug complicated to build @vixentael

  28. BoringSSL github.com/cossacklabs/themis/pull/352 CMake Error at /home/user/android-sdk/ndk-bundle/build/cmake/ android.toolchain.cmake:169 (message): GCC is

    no longer supported. See https://android.googlesource.com/platform/ndk/+/master/docs/ ClangMigration.md. @vixentael

  29. BoringSSL github.com/cossacklabs/themis/pull/352 CMake Error at /home/user/android-sdk/ndk-bundle/build/cmake/ android.toolchain.cmake:169 (message): GCC is

    no longer supported. See https://android.googlesource.com/platform/ndk/+/master/docs/ ClangMigration.md. gcc -> clang @vixentael

  30. BoringSSL github.com/cossacklabs/themis/pull/447 why so slow 🤔 @vixentael

  31. BoringSSL don’t build examples 👍 github.com/cossacklabs/themis/pull/447 @vixentael

  32. Multi-platform is hard BoringSSL is used in iOS libs by

    Google (Firebase) Themis iOS BoringSSL @vixentael

  33. Multi-platform is hard BoringSSL is used in iOS libs by

    Google (Firebase) Themis iOS BoringSSL no AES XTS in BoringSSL iOS CocoaPod 😱 😱 😱 😱 😱 😱 @vixentael

  34. Multi-platform is hard #define SOTER_BORINGSSL_DISABLE_XTS BoringSSL is used in iOS

    libs by Google (Firebase) Themis iOS BoringSSL no AES XTS in BoringSSL iOS CocoaPod @vixentael

  35. Hard to misuse

  36. — crypto that simply works, solidly resists attacks, never needs

    any upgrades. https://cr.yp.to/talks/2015.10.05/slides-djb-20151005-a4.pdf Daniel J. Bernstein Boring crypto @vixentael

  37. "Don’t give users options, because they will mess it up.

    Just tell them what to do.” dev.to/cossacklabs/schneier-on-cryptography-live-interview-4mi7 Bruce Schneier No options @vixentael

  38. encryption integration abstraction level complexity cipher crypto- library crypto- system

    boxed solution @vixentael pain

  39. CommonCrypto AES @vixentael

  40. Easy to make mistakes @vixentael

  41. should be random should use KDF(key) uses AES CBC, not

    AES GCM padding? salt? 😬 Easy to make mistakes @vixentael

  42. github.com/cossacklabs/themis Themis: hard to make mistakes @vixentael

  43. hides cryptographic details: salt, IV, KDF, padding uses AES-256-GCM github.com/cossacklabs/themis

    generates strong encryption key Themis: hard to make mistakes @vixentael

  44. hides cryptographic details: salt, IV, KDF, padding uses AES-256-GCM github.com/cossacklabs/themis

    Themis: built-in KDF uses KDF to transform passphrase into key: @vixentael

  45. one API to rule them all @vixentael

  46. Testing

  47. Testing @vixentael

  48. Testing @vixentael

  49. Testing fuzzing memory, sanitizers, SAST integration tests unit tests per

    each language, crypto: NIST- speci fi ed for PRNG & AES per OS, per language clang, Valgrind, Splint, Cppcheck backwards compatibility tests AFL between versions @vixentael

  50. CI & autotests integrated with Github unit tests, memory iOS,

    Android, macOS examples and tests everything 
 cross-platform tests GitHub actions: everything @vixentael

  51. Testing tools dev.to/cossacklabs/automated-software-security-testing-for-devs-part-1-gcf @vixentael

  52. Security testing cryptocoding internal review external audits tests github.com/veorq/cryptocoding zeroing,

    minimization, memory, constant time checks, etc cossacklabs.com/blog/macros-in-crypto-c-code.html @vixentael

  53. One readme is not enough

  54. 1. Language-speci fi c docs @vixentael

  55. 1. Language-speci fi c docs “give me code!” “too much

    to read” @vixentael

  56. @vixentael 2. “Safe to copypaste” code snippets

  57. 2. “Safe to copypaste” code snippets “how to use it

    in the app?” @vixentael

  58. 3. Example applications @vixentael

  59. 3. Example applications @vixentael

  60. 3. Example applications “but I am building unique app!” @vixentael

  61. 4. Use case speci fi c apps @vixentael

  62. 4. Use case speci fi c apps “your app works,

    but my app doesn’t” @vixentael

  63. 5. Codeless simulators debug the whole fl ow @vixentael docs.cossacklabs.com/simulator/interactive/

  64. One readme is not enough 1. Language-speci fi c docs

    2. “Safe to copypaste” code snippets 3. Example applications 4. Tutorials and use case speci fi c apps 5. Codeless simulators @vixentael

  65. @vixentael

  66. 1. Encryption lib should be: multi-platform, maintained, secure by default,

    open sourced, easy to install, hard to misuse, tested. 2. Supporting libs is VERY complicated. 3. Better to spend time on features than the crypto code. Key points @vixentael

  67. WE ARE HIRING! jobs.dou.ua/companies/cossack-labs/ vacancies/ [email protected] @vixentael