What's New in Go Crypto? by Nick Sullivan

Paul Burt
February 18, 2016

Uploading for the 2/17 Go 1.6 release party, at Docker HQ.

Talk given at GoSF:
http://www.meetup.com/golangsf/


Transcript

  1. What’s new in Go Crypto?
    Nick Sullivan (@grittygrease)
    GoSF Go 1.6 Release Party
    February 17, 2015


  2. Go’s Crypto Packages
    AES, DES, RC4
    RSA, ECDSA
    SHA-1, SHA-2
    HMAC

  3. Go’s Crypto Packages
    X.509
    TLS

  4. Who gits the blame?
    19012 Adam Langley
    5099 David Crawshaw
    4468 Vlad Krasnov
    3939 Russ Cox
    3074 Shenghou Ma
    1576 Yasuhiro Matsumoto
    1216 Joel Sing
    1190 Robert Griesemer
    653 Nan Deng
    641 Dave Cheney
    610 Mikkel Krautz
    560 Kyle Isom
    557 Rob Pike
    553 Jonathan Rodenberg
    499 Shenghou Ma
    397 Gautham Thambidorai
    395 Brad Fitzpatrick
    389 Nevins Bartolomeo
    351 Jacob H. Haven
    345 Han-Wen Nienhuys
    330 Luit van Drongelen
    317 Rémy Oudompheng
    282 Conrad Meyer
    281 Taru Karttunen
    280 Paul van Brouwershaven
    260 David Leon Gil
    241 Roger Peppe
    233 Nick Craig-Wood
    219 Benjamin Black
    211 Jeff Wendling
    196 Anthony Martin
    167 Andy Davis
    159 Peter Mundy
    153 Jeff R. Allen
    152 Josh Bleecher Snyder
    151 Shawn Smith
    123 Nick Sullivan

  5. Who gits the blame?
    (Same list as slide 4, followed by:)
    4468 Vlad Krasnov
    560 Kyle Isom
    303 Jacob H. Haven
    39 Nick Sullivan

  6. [Timeline figure: Go releases 1.0 through 1.6 on a 2012 to 2016 axis]

  7. [Timeline figure: Go releases 1.0 through 1.6 on a 2012 to 2016 axis; labels: rrdns, cfssl, gokeyless, railgun]

  8. RAILGUN
    Defying Physics on the Web


  9. [Timeline figure: Go releases 1.0 through 1.6 on a 2012 to 2016 axis; label: railgun]

  10. Encrypted with TLS
    …huge CPU hog


  11. [Timeline figure: Go releases 1.0 through 1.6 on a 2012 to 2016 axis; labels: Go Crypto RC4, railgun]

  12. Vlad The Compiler


  13. Vlad The Compiler
    • Assembly implementation of AES-GCM
    • In Go master in time for 1.6

  14. AES-GCM Performance
    benchmark                old MB/s   new MB/s   speedup
    BenchmarkAESGCMSeal8K    89.31      2559.62    28.66x
    BenchmarkAESGCMOpen8K    89.54      2463.78    27.52x
    BenchmarkAESGCMSeal1K    86.24      1872.49    21.71x
    BenchmarkAESGCMOpen1K    86.53      1721.78    19.90x

  15. AES-GCM Assembly
    if hasGCMAsm() {
        return &aesCipherGCM{c}, nil
    }
    src/crypto/aes/gcm_amd64.s

  16. [Timeline figure: Go releases 1.0 through 1.6 on a 2012 to 2016 axis; labels: Go Crypto RC4, MorsingTime, Go Crypto AES-GCM, Use CSRs, railgun, ECDSA Certs]

  17. CFSSL
    Full-featured CA
    X.509 certificate chain bundler
    TLS configuration scanner


  18. [Timeline figure: Go releases 1.0 through 1.6 on a 2012 to 2016 axis; label: CFSSL]

  19. How Railguns Get Keys


  20. PKI the whole internal infrastructure


  21. [Timeline figure: Go releases 1.0 through 1.6 on a 2012 to 2016 axis; labels: CFSSL, ECDSA support in x509, CSR Support, Open Source]

  22. crypto.Signer: a private key interface
    type Signer interface {
        Public() PublicKey
        Sign(rand io.Reader, msg []byte, opts SignerOpts) (signature []byte, err error)
    }
    rsa.PrivateKey and ecdsa.PrivateKey both implement Signer

  23. PKCS#11
    github.com/cloudflare/cfssl/crypto/pkcs11key
    type PKCS11Key struct {
        module           *pkcs11.Ctx
        slotDescription  string
        pin              string
        publicKey        rsa.PublicKey
        privateKeyHandle pkcs11.ObjectHandle
    }

  24. PKCS#11
    func (ps *PKCS11Key) Sign(rand io.Reader, msg []byte, opts crypto.SignerOpts) (signature []byte, err error) {
        // Verify that the length of the hash is as expected
        hash := opts.HashFunc()
        hashLen := hash.Size()
        if len(msg) != hashLen {
            err = errors.New("input size does not match hash function output size")
            return
        }
        // Add DigestInfo prefix
        mechanism := []*pkcs11.Mechanism{pkcs11.NewMechanism(pkcs11.CKM_RSA_PKCS, nil)}
        prefix, ok := hashPrefixes[hash]
        if !ok {
            err = errors.New("unknown hash function")
            return
        }
        signatureInput := append(prefix, msg...)
        // Open a session
        session, err := ps.openSession()
        if err != nil {
            return
        }
        defer ps.closeSession(session)
        // Perform the sign operation
        err = ps.module.SignInit(session, mechanism, ps.privateKeyHandle)
        if err != nil {
            return
        }
        signature, err = ps.module.Sign(session, signatureInput)
        return
    }

  25. [Timeline figure: Go releases 1.0 through 1.6 on a 2012 to 2016 axis; labels: CFSSL, ECDSA support in x509, CSR Support, crypto.Signer interface, PKCS#11 Support, Open Source]

  26. RRDNS
    Authoritative DNS Server and DNS Proxy


  27. [Timeline figure: Go releases 1.0 through 1.6 on a 2012 to 2016 axis; label: rrdns]

  28. Authoritative Servers

  29. Cache Poisoning (Kaminsky’s attack)
    [Diagram: Resolver and Authoritative Server]
    Q: what is the IP address of cloudflare.com
    A: 198.41.213.157
    A: 6.6.6.6
    A: 6.6.6.6
    A: 6.6.6.6
    A: 6.6.6.6
    A: 6.6.6.6
    A: 6.6.6.6
    A: 6.6.6.6

  30. Man-in-the-middle
    [Diagram: Resolver and Authoritative Server]
    Q: what is the IP address of cloudflare.com
    A: 198.41.213.157
    A: 6.6.6.6

  31. Solution: DNSSEC (done right)
    Digital signatures in the DNS
    Live-signed answers
    Elliptic curve keys

  32. Vlad The Compiler
    github.com/cloudflare/go
    • Assembly implementation of P256
    • In Go 1.6! Thanks Intel!

  33. P256 Performance Improvement
    ECDSA Sign: 21X
    ECDSA Verify: 9X
    BaseMult (ECDH): 30X


  34. [Timeline figure: Go releases 1.0 through 1.6 on a 2012 to 2016 axis; labels: rrdns, FilippoTime, DNSSEC Prototype, P256 ASM, DNSSEC Beta, crypto.Signer]

  35. gokeyless
    taking the private key out of TLS


  36. TLS in RSA mode
    Private Key

  37. TLS in RSA mode - Keyless
    Private Key

  38. Geography of TLS

  39. Geography of Keyless SSL

  40. [Timeline figure: Go releases 1.0 through 1.6 on a 2012 to 2016 axis; labels: gokeyless, keyless (C), HavenTime]

  41. New interface: crypto.Decrypter
    type Signer interface {
        Public() PublicKey
        Sign(rand io.Reader, msg []byte, opts SignerOpts) (signature []byte, err error)
    }
    type Decrypter interface {
        Public() PublicKey
        Decrypt(rand io.Reader, msg []byte, opts DecrypterOpts) (plaintext []byte, err error)
    }

  42. Using it in TLS
    return &tls.Config{
        Certificates: []tls.Certificate{cert},
        RootCAs:      SystemRoots,
        ServerName:   host,
        CipherSuites: CipherSuites,
        MinVersion:   tls.VersionTLS12,
    }

    type Certificate struct {
        Certificate                 [][]byte
        PrivateKey                  crypto.PrivateKey
        OCSPStaple                  []byte
        SignedCertificateTimestamps [][]byte
        Leaf                        *x509.Certificate
    }

  43. Vlad The Compiler
    github.com/cloudflare/go
    • Faster implementation of RSA
    • In Go 1.5
    • (bugfix in Go 1.6)

  44. RSA Performance
    benchmark                  old ns/op   new ns/op   delta
    BenchmarkRSA2048Decrypt    6696649     3073769     -54.10%

  45. New additions to Go 1.5
    crypto.Decrypter, crypto.Signer support in x509, tls
    AES_256_GCM_SHA384 cipher suites
    Faster RSA operations

  46. New additions to Go 1.6
    20x Faster Elliptic Curves (P256)
    20x Faster AES-GCM

  47. [Timeline figure: Go releases 1.0 through 1.6 on a 2012 to 2016 axis; labels: gokeyless, keyless (C), opaque keys in TLS, HavenTime, AES 256, RSA Mont]

  48. This is now possible in Go
    TLS load balancer backed by hardware (PKCS#11, TPM coming soon)
    Arbitrary RSA/ECDSA Implementations

  49. [Timeline figure: Go releases 1.0 through 1.6 on a 2012 to 2016 axis; labels: rrdns, cfssl, gokeyless, railgun]

  50. ❤Go Crypto


  51. What’s new in Go Crypto?
    Nick Sullivan (@grittygrease)
    GoSF Go 1.6 Release Party
    February 17, 2015
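
The opaque-key pattern from slides 22, 41, 42 and 48, as an added Go example that is not code from the talk or from the Go project: a key that exposes only `crypto.Signer` is placed in `tls.Certificate.PrivateKey` and a handshake completes without the TLS stack ever holding the private scalar. The names `opaqueKey`, `must` and `handshakeSigns`, and the self-signed `example.test` certificate, are constructed for illustration; the in-process ECDSA key stands in for an HSM or key server.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"io"
	"math/big"
	"net"
	"time"
)

// opaqueKey is a hypothetical stand-in for an HSM or key-server handle: the TLS
// stack can call Public and Sign but never holds the private scalar.
type opaqueKey struct {
	inner crypto.Signer // assumption: in production this lives outside the process
	signs int
}

func (k *opaqueKey) Public() crypto.PublicKey { return k.inner.Public() }
func (k *opaqueKey) Sign(r io.Reader, digest []byte, o crypto.SignerOpts) ([]byte, error) {
	k.signs++
	return k.inner.Sign(r, digest, o)
}
func must[T any](v T, err error) T {
	if err != nil {
		panic(err) // setup failure in this constructed example
	}
	return v
}

// handshakeSigns runs one handshake and returns the Sign calls it cost the server.
func handshakeSigns() (int, error) {
	key := &opaqueKey{inner: must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{"example.test"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, key.Public(), key))
	roots := x509.NewCertPool()
	roots.AddCert(must(x509.ParseCertificate(der)))
	key.signs = 0      // ignore the self-signature made by CreateCertificate
	c, s := net.Pipe() // unbuffered, so session tickets are disabled below
	go tls.Server(s, &tls.Config{MinVersion: tls.VersionTLS12, SessionTicketsDisabled: true,
		Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: key}}}).Handshake()
	err := tls.Client(c, &tls.Config{MinVersion: tls.VersionTLS12, RootCAs: roots, ServerName: "example.test"}).Handshake()
	return key.signs, err
}

func main() { fmt.Println(handshakeSigns()) }
```

The single `Sign` call per handshake is the only private-key operation a PKCS#11 token or remote key server would have to serve; the same `opaqueKey` was also accepted by `x509.CreateCertificate` as the issuing key.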
