Upgrade to Pro — share decks privately, control downloads, hide ads and more …

CryptoSwift: Crypto You Can Do

CryptoSwift: Crypto You Can Do

7b2fdba8077c8495b3caa6f36d0928da?s=128

Marcin Krzyzanowski

March 22, 2015
Tweet

Transcript

  1. CryptoSwift Crypto You Can Do Marcin Krzyżanowski SwiftSummit, London 2015

  2. Cryptography and Swift

  3. Enigma

  4. None
  5. Now we have computers

  6. Calculations are performed by “the magic box”

  7. Frameworks

  8. Cryptography and Swift • CommonCrypto

  9. Cryptography and Swift • CommonCrypto • OpenSSL

  10. Cryptography and Swift • CommonCrypto • OpenSSL • NaCl

  11. Cryptography and Swift • CommonCrypto • OpenSSL • NaCl •

    CryptoSwift
  12. Cryptography and Swift • CommonCrypto • OpenSSL • NaCl •

    CryptoSwift • CryptoJS….
  13. CommonCrypto

  14. CommonCrypto • The C library • Part of the system

    (iOS and OS X) • Can be used with Swift (thanks to C interoperability)
  15. CommonCrypto • The C library • Part of the system

    (iOS and OS X) • Can be used with Swift (thanks to C interoperability) ‣ Unsafe pointers
  16. CommonCrypto • The C library • Part of the system

    (iOS and OS X) • Can be used with Swift (thanks to C interoperability) ‣ Unsafe pointers • Sources available at opensource.apple.com
  17. CommonCrypto CCCrypt( UInt32(kCCEncrypt), UInt32(kCCAlgorithmAES128), UInt32(kCCOptionPKCS7Padding), keyBytes, // UnsafePointer<Void>(keyData.bytes) key.count, ivBytes,

    // UnsafePointer<Void>(ivData.bytes) dataBytes, // UnsafePointer<Void>(data.bytes) dataLength, cryptPointer, // UnsafeMutablePointer<Void>(cryptData!.mutableBytes) cryptLength, &numBytesEncrypted )
  18. CryptoSwift http://github.com/krzyzanowskim/CryptoSwift

  19. Why?

  20. Because I can

  21. I was curious

  22. To learn

  23. I’m an engineer to challenge myself

  24. CryptoSwift

  25. CryptoSwift Raise your hand if you already know it

  26. CryptoSwift • Swift framework

  27. CryptoSwift • Swift framework • iOS and OS X

  28. CryptoSwift • Swift framework • iOS and OS X •

    Pure Swift implementation
  29. CryptoSwift • Swift framework • iOS and OS X •

    Pure Swift implementation • Constantly improved
  30. A cryptographic hash function allows one to easily verify that

    some input data matches a stored hash value, but makes it hard to construct any data that would hash to the same value or find any two unique data pieces that hash to the same value. CryptoSwift - hash
  31. CryptoSwift - hash • MD5, SHA1, SHA2, CRC32 import CryptoSwift

    "SwiftSummit".md5() "SwiftSummit".sha1() "SwiftSummit".sha512() "SwiftSummit".crc32()
  32. “In cryptography, a cipher (or cypher) is an algorithm for

    performing encryption or decryption—a series of well-defined steps that can be followed as a procedure.” CryptoSwift - ciphers
  33. CryptoSwift - ciphers Symmetric ciphers plaintext encryption ciphertext key ciphertext

    decryption plaintext
  34. CryptoSwift - ciphers • AES • The Advanced Encryption Standard,

    the symmetric block cipher ratified as a standard by National Institute of Standards and Technology of the United States (NIST) • Hardware acceleration (not for Swift) ‣ Advanced Encryption Standard Instruction Set (AES-NI)
  35. import CryptoSwift let key = "1234567890123456" // key let iv

    = "1234567890123456" // random if let aes = AES(key: key, iv: iv, blockMode: .CBC) { if let encrypted = aes.encrypt([1,2], padding: PKCS7()) { let data = NSData.withBytes(encrypted) } } CryptoSwift - ciphers
  36. CryptoSwift - ciphers • ChaCha20 ‣ The stream cipher by

    D. J. Bernstein, built on a pseudorandom function based on add-rotate-xor operations ‣ Adopted by Apple with HomeKit, by Google with Chrome (replace RC4) ‣ Lack of official support in OpenSSL. Patches are waiting to be merged.
  37. import CryptoSwift let key = "1234567890123456" // key let iv

    = "1234567890123456" // random if let chacha = ChaCha20(key: key, iv: iv) { if let encrypted = chacha.encrypt([1,2]) { let data = NSData.withBytes(encrypted) } } CryptoSwift - ciphers
  38. enum Cipher { case ChaCha20(key: [UInt8], iv: [UInt8]) case AES(key:

    [UInt8], iv: [UInt8], blockMode: CipherBlockMode) func encrypt(bytes: [UInt8]) -> [UInt8]? func decrypt(bytes: [UInt8]) -> [UInt8]? static func randomIV(blockSize: Int) -> [UInt8] } CryptoSwift - ciphers
  39. The block cipher operation is an algorithm that uses a

    block cipher to encrypt a large message CryptoSwift - block mode
  40. • ECB (Electronic Codebook) • CBC (Cipher Block Chaining) •

    CFB (Cipher Feedback) • CTR (Counter) CryptoSwift - block mode
  41. • Electronic CodeBook ECB - Don’t use! ‣ Sequence of

    encrypted blocks, every block with the same key. CryptoSwift - block mode
  42. CryptoSwift - block mode • Cipher-block Chaining CBC ‣ Sequence

    of encrypted blocks, every following block uses encrypted data as a key to the cipher. decryption is parallelizable
  43. Authenticators The message authentication code is a short piece of

    information used to authenticate a message and to provide integrity and authenticity assurances on the message
  44. CryptoSwift - authenticators • Poly1305 - a one-time authenticator ‣

    takes a 32-byte one-time key and a message and produces the 16-byte tag. • HMAC - Keyed-Hashing for Message Authentication ‣ takes a key and message and produces a tag with one of the hash functions (MD5, SHA)
  45. CryptoSwift enum Authenticator { case Poly1305(key: [UInt8]) case HMAC(key: [UInt8],

    variant: HMAC.Variant) func authenticate(message: [UInt8]) -> [UInt8]? }
  46. CryptoSwift extension NSData { … } extension String { …

    } “message”.md5() “message”.sha512() “plaintext”.encrypt(Cipher.AES(…))
  47. Performance

  48. Performance • CryptoSwift implementation is significantly slower than CommonCrypto •

    It’s better with the new version of Swift • NSMutableData is slow • memory allocation is slow if the “unsafe pointer” is not used. • Array enumeration is significantly visible.
  49. CryptoSwift Crypto You Can Do

  50. CryptoSwift Crypto You Can Do HOW?

  51. read http://cr.yp.to by J. Bernstein

  52. …understand nothing at first

  53. re-read

  54. write code, try

  55. do tests

  56. share and ask for feedback

  57. fix & improve

  58. contribute to CryptoSwift http://github.com/krzyzanowskim/CryptoSwift

  59. Thank you marcin.krzyzanowski@gmail.com http://blog.krzyzanowskim.com