Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Maintaining cryptographic library for 12 languages

vixentael
November 07, 2019
Programming
1
3.9k

Maintaining cryptographic library for 12 languages

Maintaining cross-platform cryptographic library is a journey full of unexpected bugs, language-specific hacks, difficult decisions and endless struggle to make developer-facing APIs easy-to-use and hard-to-misuse.

https://github.com/cossacklabs/themis

This talk is useful for ppl that believe that perfect crypto lib is a C lib with 1-page readme :)

—————————————-

As developers, what do we want from using cryptographic tools? They should be easy to use and hard to misuse, cover complete use-cases instead of providing crypto-primitives, support language-specific style, work in the same way on numerous platforms and languages. Basically, we want less stress and more work done.

But is it so easy to maintain cross-platform crypto library? How to simplify complex crypto concepts into simple "encrypt(msg, key)" and "decrypt(data, key)" functions? How to provide unified API for 11 languages, when some of them are strongly-typed and another one is javascript? Secure by default: what design choices should be made to protect from misuse. Multi-platformness: how to make sure that message encrypted using Ruby on x64 Ubuntu 18.04 will be [successfully] decrypted on iOS12 on iPhone armv7s? Testing wildness: static analyzers, fuzzing, unit tests, integration tests. Docs: developers copy-paste from readme anyway, how to make sure that they copy-paste correct things.

I'll describe the 4yrs experience on maintaining multi-platform open source library Themis: from API design to language-specific hacks.

Bonus questions:
- what maintainers completely forget about: the biggest fail reason for users.
- what is faster in Go: calling OpenSSL via c-Go interop or using native Go crypto primitives?
- how to deal with multi-platformness, if BoringSSL for iOS doesn't support AES XTS?
- epic bug with iOS-Android compatibility, which appears to be a sad story about `size_t`.
- switching cryptographic backends for fun and profit: switching between BoringSSL, OpenSSL, LibreSSL, ~libsodium and CommonCrypto~, and governmental crypto standards of some countries, leaving same high-level API.

Key takeaways:
- cryptography is easy, but "secure by default" APIs are hard;
- never agree to support multi-platform libs;
- each language has unique hacks and typical mistakes, deal with it.

vixentael

November 07, 2019
Tweet

More Decks by vixentael

See All by vixentael
Using YubiKey and FIDO U2F for secure authentication
vixentael
0
1.8k
Data is a new security boundary
vixentael
0
6.1k
Cryptographic protection of ML models
vixentael
0
2.9k
e2ee != security != privacy
vixentael
0
2.2k
10 lines of encryption, 1500 lines of key management
vixentael
2
1.7k
Security, privacy and cryptography at WWDC19
vixentael
1
720
Data encryption: CyberKids edition
vixentael
0
640
"Defense in depth": trench warfare principles for building secure distributed applications
vixentael
3
920
Workshop: Secure Software Development: From Rookie to Hardcore in 90 Minutes
vixentael
1
1.1k

Other Decks in Programming

See All in Programming
とにかくAWS GameDay!AWSは世界の共通言語! / Anyway, AWS GameDay! AWS is the world's lingua franca!
seike460
PRO
1
550
僕がつくった48個のWebサービス達
yusukebe
18
17k
Why Spring Matters to Jakarta EE - and Vice Versa
ivargrimstad
0
1k
『ドメイン駆動設計をはじめよう』のモデリングアプローチ
masuda220
PRO
8
440
Amazon Neptuneで始めてみるグラフDB -OpenSearchによるグラフの全文検索-
satoshi256kbyte
4
330
Java ジェネリクス入門 2024
nagise
0
610
Piniaの現状と今後
waka292
5
1.5k
推し活の ハイトラフィックに立ち向かう Railsとアーキテクチャ - Kaigi on Rails 2024
falcon8823
6
2.2k
Vue3の一歩踏み込んだパフォーマンスチューニング2024
hal_spidernight
3
3.1k
Server Driven Compose With Firebase
skydoves
0
400
シールドクラスをはじめよう / Getting Started with Sealed Classes
mackey0225
3
400
弊社の「意識チョット低いアーキテクチャ」10選
texmeijin
5
23k

Featured

See All Featured
Designing for humans not robots
tammielis
249
25k
Embracing the Ebb and Flow
colly
84
4.4k
Code Reviewing Like a Champion
maltzj
519
39k
Adopting Sorbet at Scale
ufuk
73
9k
YesSQL, Process and Tooling at Scale
rocio
167
14k
Facilitating Awesome Meetings
lara
49
6k
Save Time (by Creating Custom Rails Generators)
garrettdimon
PRO
27
790
Happy Clients
brianwarren
97
6.7k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
504
140k
The Art of Programming - Codeland 2020
erikaheidi
51
13k
Imperfection Machines: The Place of Print at Facebook
scottboms
264
13k
Rebuilding a faster, lazier Slack
samanthasiow
79
8.6k

Transcript

  1. Maintaining cryptographic library for 12 languages @vixentael

  2. Maintaining cryptographic library for 12 languages 14 @vixentael

  3. @vixentael Head of customer solutions, security software engineer. Focused on

    data security, applied crypto and building e2ee schemes. vixentael.dev

  4. cossacklabs.com/products Data security tools & solutions We make software to

    get data security right – from open-source and proprietary cryptographic tools to custom solutions and consulting. We are cryptographers, security engineers, system engineers, infrastructure engineers. @vixentael

  5. Working with companies that care about data security Critical infrastructure,

    healthcare, payment processors, ML/AI, popular apps — where data security is a hard requirement.

  6. USABLE

  7. Cryptographic Failures – #2 OWASP Top10 2021 @vixentael owasp.org/Top10/

  8. github.com/cossacklabs/themis same API across 14 platforms boring crypto hidden crypto-details

    recommended by OWASP tons of docs works on millions of devices Themis – the crypto lib 7yo, supported by a team @vixentael

  9. Where Themis is used? mobile apps other libraries chats web-

    fi rst apps Cossack Labs software critical infra fi ntech docs.cossacklabs.com/themis/community/projects-that-use-themis/ AI/ML apps @vixentael

  10. End-to-end encryption in Bear blog.bear.app/ cossacklabs.com/case-studies/bear/ @vixentael

  11. ML models encryption in AI/ML app cossacklabs.com/case-studies/ai-ml-ip-protection/ @vixentael

  12. I want to store data securely I want to send

    data securely I want to verify data integrity Solve security use-cases @vixentael

  13. ephemeral keys built in key gen built in KDF AES

    GCM / AES CTR ECDH + ECC + AES ECC + ECDSA / RSA + PSS + PKCS#7 SecureMessage SecureCell SecureComparator OTR SMP + ECC ZKP github.com/cossacklabs/themis Themis: cryptosystems store encrypted encrypt for someone encrypt session communication authenticate SecureSession @vixentael

  14. Themis OpenSSL BoringSSL LibreSSL BearSSL DSTU libsodium native GoCrypto crypto-backends

    Soter Themis Themis Core iOS Android Java python ruby WASM language wrappers Go rust js PHP C++ stable experimental @vixentael

  15. Themis Core (server & desktop OS) Ubuntu Debian CentOS /

    RHEL macOS Windows @vixentael

  16. Themis Core (server & desktop OS) Ubuntu 20.04 x64 Debian

    11 x64 Ubuntu 18.04 x64 CentOS 8 x64 Debian 10 x64 Debian 9 x64 macOS 11.5 macOS 10.15 macOS 10.14 Windows Ubuntu 16.04 x64 CentOS 7 x64 Ubuntu 16.04 x32 Debian 9 x32 @vixentael

  17. Themis OSs Ubuntu 20.04 x64 Debian 11 x64 Ubuntu 18.04

    x64 CentOS 7 x64 Ubuntu 16.04 x64 Debian 10 x64 Debian 9 x64 CentOS 8 x64 macOS 11.5 macOS 10.15 macOS 10.16 Windows iOS 10 - iOS 15 Android API 23 - 30 @vixentael

  18. easy to use or hard to misuse? Cryptographic tools should

    be

  19. make make test sudo make install Easy to use @vixentael

  20. make make test sudo make install Easy to use noone

    cares about your lib if they can’t install it using their fav package manager @vixentael

  21. Themis Core: install Ubuntu Debian CentOS / RHEL macOS Windows

    apt-get install libthemis-dev apt-get install libthemis-dev yum install libthemis-devel brew install libthemis make nsis_installer @vixentael

  22. Package managers npm install jsthemis pip install pythemis pip3 install

    pythemis gem install rbthemis mavenCentral() implementation ‘com.cossacklabs.com:themis:0.13.11’ npm install wasm-themis [dependencies] themis = “0.13.12” go get github.com/cossacklabs/themis/gothemis/... pod themis pod install github “cossacklabs/themis" carthage update @vixentael

  23. iOS speci fi cs OpenSSL Soter Themis Themis iOS BoringSSL

    C lang ObjC ObjC app Swift app ObjC <> Swift interoperability CocoaPods Carthage SPM package managers Xcode/Swift update iOS update device update package manager update Open/BoringSSL update @vixentael

  24. iOS speci fi cs @vixentael

  25. None

  26. Android speci fi cs Soter Themis Themis Java BoringSSL C

    lang Java <> C Java app Kotlin app Java <> Kotlin interoperability Themis jni @vixentael

  27. Android speci fi cs Soter Themis Themis Java BoringSSL C

    lang Java <> C Java app Kotlin app Java <> Kotlin interoperability Themis jni complicated to debug complicated to build @vixentael

  28. BoringSSL github.com/cossacklabs/themis/pull/352 CMake Error at /home/user/android-sdk/ndk-bundle/build/cmake/ android.toolchain.cmake:169 (message): GCC is

    no longer supported. See https://android.googlesource.com/platform/ndk/+/master/docs/ ClangMigration.md. @vixentael

  29. BoringSSL github.com/cossacklabs/themis/pull/352 CMake Error at /home/user/android-sdk/ndk-bundle/build/cmake/ android.toolchain.cmake:169 (message): GCC is

    no longer supported. See https://android.googlesource.com/platform/ndk/+/master/docs/ ClangMigration.md. gcc -> clang @vixentael

  30. BoringSSL github.com/cossacklabs/themis/pull/447 why so slow 🤔 @vixentael

  31. BoringSSL don’t build examples 👍 github.com/cossacklabs/themis/pull/447 @vixentael

  32. Multi-platform is hard BoringSSL is used in iOS libs by

    Google (Firebase) Themis iOS BoringSSL @vixentael

  33. Multi-platform is hard BoringSSL is used in iOS libs by

    Google (Firebase) Themis iOS BoringSSL no AES XTS in BoringSSL iOS CocoaPod 😱 😱 😱 😱 😱 😱 @vixentael

  34. Multi-platform is hard #define SOTER_BORINGSSL_DISABLE_XTS BoringSSL is used in iOS

    libs by Google (Firebase) Themis iOS BoringSSL no AES XTS in BoringSSL iOS CocoaPod @vixentael

  35. Hard to misuse

  36. — crypto that simply works, solidly resists attacks, never needs

    any upgrades. https://cr.yp.to/talks/2015.10.05/slides-djb-20151005-a4.pdf Daniel J. Bernstein Boring crypto @vixentael

  37. "Don’t give users options, because they will mess it up.

    Just tell them what to do.” dev.to/cossacklabs/schneier-on-cryptography-live-interview-4mi7 Bruce Schneier No options @vixentael

  38. encryption integration abstraction level complexity cipher crypto- library crypto- system

    boxed solution @vixentael pain

  39. CommonCrypto AES @vixentael

  40. Easy to make mistakes @vixentael

  41. should be random should use KDF(key) uses AES CBC, not

    AES GCM padding? salt? 😬 Easy to make mistakes @vixentael

  42. github.com/cossacklabs/themis Themis: hard to make mistakes @vixentael

  43. hides cryptographic details: salt, IV, KDF, padding uses AES-256-GCM github.com/cossacklabs/themis

    generates strong encryption key Themis: hard to make mistakes @vixentael

  44. hides cryptographic details: salt, IV, KDF, padding uses AES-256-GCM github.com/cossacklabs/themis

    Themis: built-in KDF uses KDF to transform passphrase into key: @vixentael

  45. one API to rule them all @vixentael

  46. Testing

  47. Testing @vixentael

  48. Testing @vixentael

  49. Testing fuzzing memory, sanitizers, SAST integration tests unit tests per

    each language, crypto: NIST- speci fi ed for PRNG & AES per OS, per language clang, Valgrind, Splint, Cppcheck backwards compatibility tests AFL between versions @vixentael

  50. CI & autotests integrated with Github unit tests, memory iOS,

    Android, macOS examples and tests everything 
 cross-platform tests GitHub actions: everything @vixentael

  51. Testing tools dev.to/cossacklabs/automated-software-security-testing-for-devs-part-1-gcf @vixentael

  52. Security testing cryptocoding internal review external audits tests github.com/veorq/cryptocoding zeroing,

    minimization, memory, constant time checks, etc cossacklabs.com/blog/macros-in-crypto-c-code.html @vixentael

  53. One readme is not enough

  54. 1. Language-speci fi c docs @vixentael

  55. 1. Language-speci fi c docs “give me code!” “too much

    to read” @vixentael

  56. @vixentael 2. “Safe to copypaste” code snippets

  57. 2. “Safe to copypaste” code snippets “how to use it

    in the app?” @vixentael

  58. 3. Example applications @vixentael

  59. 3. Example applications @vixentael

  60. 3. Example applications “but I am building unique app!” @vixentael

  61. 4. Use case speci fi c apps @vixentael

  62. 4. Use case speci fi c apps “your app works,

    but my app doesn’t” @vixentael

  63. 5. Codeless simulators debug the whole fl ow @vixentael docs.cossacklabs.com/simulator/interactive/

  64. One readme is not enough 1. Language-speci fi c docs

    2. “Safe to copypaste” code snippets 3. Example applications 4. Tutorials and use case speci fi c apps 5. Codeless simulators @vixentael

  65. @vixentael

  66. 1. Encryption lib should be: multi-platform, maintained, secure by default,

    open sourced, easy to install, hard to misuse, tested. 2. Supporting libs is VERY complicated. 3. Better to spend time on features than the crypto code. Key points @vixentael

  67. WE ARE HIRING! jobs.dou.ua/companies/cossack-labs/ vacancies/ [email protected] @vixentael