Marcin Krzyżanowski | CryptoSwift: Crypto You Can Do

Transcript

1. CryptoSwift Crypto You Can Do Marcin Krzyżanowski SwiftSummit, London 2015

2. Cryptography and Swift

3. Enigma

4. None

5. Now we have computers

6. Calculations are performed by “the magic box”

7. Frameworks

8. Cryptography and Swift • CommonCrypto

9. Cryptography and Swift • CommonCrypto • OpenSSL

10. Cryptography and Swift • CommonCrypto • OpenSSL • NaCl

11. Cryptography and Swift • CommonCrypto • OpenSSL • NaCl •

    CryptoSwift

12. Cryptography and Swift • CommonCrypto • OpenSSL • NaCl •

    CryptoSwift • CryptoJS….

13. CommonCrypto

14. CommonCrypto • The C library • Part of the system

    (iOS and OS X) • Can be used with Swift (thanks to C interoperability)

15. CommonCrypto • The C library • Part of the system

    (iOS and OS X) • Can be used with Swift (thanks to C interoperability) ‣ Unsafe pointers

16. CommonCrypto • The C library • Part of the system

    (iOS and OS X) • Can be used with Swift (thanks to C interoperability) ‣ Unsafe pointers • Sources available at opensource.apple.com

17. CommonCrypto CCCrypt( UInt32(kCCEncrypt), UInt32(kCCAlgorithmAES128), UInt32(kCCOptionPKCS7Padding), keyBytes, // UnsafePointer<Void>(keyData.bytes) key.count, ivBytes,

    // UnsafePointer<Void>(ivData.bytes) dataBytes, // UnsafePointer<Void>(data.bytes) dataLength, cryptPointer, // UnsafeMutablePointer<Void>(cryptData!.mutableBytes) cryptLength, &numBytesEncrypted )

18. CryptoSwift http://github.com/krzyzanowskim/CryptoSwift

19. Why?

20. Because I can

21. I was curious

22. To learn

23. I’m an engineer to challenge myself

24. CryptoSwift

25. CryptoSwift Raise your hand if you already know it

26. CryptoSwift • Swift framework

27. CryptoSwift • Swift framework • iOS and OS X

28. CryptoSwift • Swift framework • iOS and OS X •

    Pure Swift implementation

29. CryptoSwift • Swift framework • iOS and OS X •

    Pure Swift implementation • Constantly improved

30. A cryptographic hash function allows one to easily verify that

    some input data matches a stored hash value, but makes it hard to construct any data that would hash to the same value or find any two unique data pieces that hash to the same value. CryptoSwift - hash

31. CryptoSwift - hash • MD5, SHA1, SHA2, CRC32 import CryptoSwift

    "SwiftSummit".md5() "SwiftSummit".sha1() "SwiftSummit".sha512() "SwiftSummit".crc32()

32. “In cryptography, a cipher (or cypher) is an algorithm for

    performing encryption or decryption—a series of well-defined steps that can be followed as a procedure.” CryptoSwift - ciphers

33. CryptoSwift - ciphers Symmetric ciphers plaintext encryption ciphertext key ciphertext

    decryption plaintext

34. CryptoSwift - ciphers • AES • The Advanced Encryption Standard,

    the symmetric block cipher ratified as a standard by National Institute of Standards and Technology of the United States (NIST) • Hardware acceleration (not for Swift) ‣ Advanced Encryption Standard Instruction Set (AES-NI)

35. import CryptoSwift let key = "1234567890123456" // key let iv

    = "1234567890123456" // random if let aes = AES(key: key, iv: iv, blockMode: .CBC) { if let encrypted = aes.encrypt([1,2], padding: PKCS7()) { let data = NSData.withBytes(encrypted) } } CryptoSwift - ciphers

36. CryptoSwift - ciphers • ChaCha20 ‣ The stream cipher by

    J. Bernstein, built on a pseudorandom function based on add-rotate-xor operations ‣ Adopted by Apple with HomeKit, by Google with Chrome. ‣ Lack of official support in OpenSSL. Patches are waiting to be merged.

37. import CryptoSwift let key = "1234567890123456" // key let iv

    = "1234567890123456" // random if let chacha = ChaCha20(key: key, iv: iv) { if let encrypted = chacha.encrypt([1,2]) { let data = NSData.withBytes(encrypted) } } CryptoSwift - ciphers

38. enum Cipher { case ChaCha20(key: [UInt8], iv: [UInt8]) case AES(key:

    [UInt8], iv: [UInt8], blockMode: CipherBlockMode) func encrypt(bytes: [UInt8]) -> [UInt8]? func decrypt(bytes: [UInt8]) -> [UInt8]? static func randomIV(blockSize: Int) -> [UInt8] } CryptoSwift - ciphers

39. The block cipher operation is an algorithm that uses a

    block cipher to encrypt a large message CryptoSwift - block mode

40. • Electronic CodeBook ECB - Don’t use! ‣ Sequence of

    encrypted blocks, every block with the same key. CryptoSwift - block mode

41. CryptoSwift - block mode • Cipher-block Chaining CBC ‣ Sequence

    of encrypted blocks, every following block uses encrypted data as a key to the cipher. decryption is parallelizable

42. CryptoSwift - block mode • Cipher Feedback CFB ‣ Sequence

    of encrypted blocks, every following block uses encrypted data as a key to the cipher decryption is parallelizable

43. Block Mode NONCE? used only once - IV The IV

    provides semantic security identical messages have different ciphertexts

44. Authenticators The message authentication code is a short piece of

    information used to authenticate a message and to provide integrity and authenticity assurances on the message

45. CryptoSwift - authenticators • Poly1305 - a one-time authenticator ‣

    takes a 32-byte one-time key and a message and produces the 16-byte tag.

46. CryptoSwift - authenticators • Poly1305 - a one-time authenticator ‣

    takes a 32-byte one-time key and a message and produces the 16-byte tag. • HMAC - Keyed-Hashing for Message Authentication ‣ takes a key and message and produces a tag with one of the hash functions (MD5, SHA)

47. CryptoSwift enum Authenticator { case Poly1305(key: [UInt8]) case HMAC(key: [UInt8],

    variant: HMAC.Variant) func authenticate(message: [UInt8]) -> [UInt8]? }

48. CryptoSwift extension NSData { … } extension String { …

    } “message”.md5() “message”.sha512() “plaintext”.encrypt(Cipher.AES(…))

49. Performance

50. Performance • CryptoSwift implementation is significantly slower than CommonCrypto •

    It’s better with the new version of Swift • NSMutableData is slow • memory allocation is slow if the “unsafe pointer” is not used. • Array enumeration is significantly visible.

51. CryptoSwift Crypto You Can Do

52. CryptoSwift Crypto You Can Do HOW?

53. read

54. http://cr.yp.to

55. …understand nothing at first

56. re-read

57. write code

58. do tests

59. share and ask for feedback

60. fix

61. improve

62. contribute to CryptoSwift http://github.com/krzyzanowskim/CryptoSwift

63. Thank you [email protected] http://blog.krzyzanowskim.com