
Maintaining cryptographic library for 12 languages

vixentael
November 07, 2019


Maintaining a cross-platform cryptographic library is a journey full of unexpected bugs, language-specific hacks, difficult decisions and an endless struggle to make developer-facing APIs easy to use and hard to misuse.

https://github.com/cossacklabs/themis

This talk is useful for people who believe that the perfect crypto lib is a C lib with a 1-page readme :)

—————————————-

As developers, what do we want from cryptographic tools? They should be easy to use and hard to misuse, cover complete use cases instead of exposing crypto primitives, follow language-specific style, and work the same way across many platforms and languages. Basically, we want less stress and more work done.

But is it really that easy to maintain a cross-platform crypto library? How do you reduce complex crypto concepts to simple "encrypt(msg, key)" and "decrypt(data, key)" functions? How do you provide a unified API for 11 languages, when some of them are strongly typed and another one is JavaScript? Secure by default: which design choices protect users from misuse? Multi-platformness: how do you make sure that a message encrypted with Ruby on x64 Ubuntu 18.04 will be [successfully] decrypted on iOS 12 on an iPhone armv7s? Testing wildness: static analyzers, fuzzing, unit tests, integration tests. Docs: developers copy-paste from the readme anyway, so how do you make sure they copy-paste the correct things?

I'll describe 4 years of experience maintaining the multi-platform open source library Themis: from API design to language-specific hacks.

Bonus questions:
- what maintainers completely forget about: the biggest reason users fail.
- what is faster in Go: calling OpenSSL via cgo interop or using native Go crypto primitives?
- how to deal with multi-platformness when BoringSSL for iOS doesn't support AES XTS?
- an epic iOS/Android compatibility bug that turns out to be a sad story about `size_t`.
- switching cryptographic backends for fun and profit: switching between BoringSSL, OpenSSL, LibreSSL, ~libsodium and CommonCrypto~, and the governmental crypto standards of some countries, while keeping the same high-level API.

Key takeaways:
- cryptography is easy, but "secure by default" APIs are hard;
- never agree to support multi-platform libs;
- each language has unique hacks and typical mistakes, deal with it.

Transcript

  1. Maintaining cryptographic library for 12 languages
     @vixentael

  2. Maintaining cryptographic library for 12 languages
     14

  3. @vixentael
     Head of customer solutions, security software engineer.
     Focused on data security, applied crypto and building e2ee schemes.
     vixentael.dev

  4. cossacklabs.com/products
     Data security tools & solutions
     We make software to get data security right – from open-source and proprietary cryptographic tools to custom solutions and consulting.
     We are cryptographers, security engineers, system engineers, infrastructure engineers.

  5. Working with companies that care about data security
     Critical infrastructure, healthcare, payment processors, ML/AI, popular apps — where data security is a hard requirement.

  6. USABLE

  7. Cryptographic Failures – #2 in OWASP Top 10 2021
     owasp.org/Top10/

  8. Themis – the crypto lib
     github.com/cossacklabs/themis
     same API across 14 platforms
     boring crypto
     hidden crypto-details
     recommended by OWASP
     tons of docs
     works on millions of devices
     7yo, supported by a team

  9. Where is Themis used?
     mobile apps, other libraries, chats, web-first apps, Cossack Labs software, critical infra, fintech, AI/ML apps
     docs.cossacklabs.com/themis/community/projects-that-use-themis/

  10. End-to-end encryption in Bear
     blog.bear.app/
     cossacklabs.com/case-studies/bear/

  11. ML models encryption in AI/ML app
     cossacklabs.com/case-studies/ai-ml-ip-protection/

  12. Solve security use-cases
     I want to store data securely
     I want to send data securely
     I want to verify data integrity

  13. Themis: cryptosystems
     github.com/cossacklabs/themis
     SecureCell – store encrypted: AES GCM / AES CTR, built-in key gen, built-in KDF
     SecureMessage – encrypt for someone: ECDH + ECC + AES; ECC + ECDSA / RSA + PSS + PKCS#7
     SecureSession – encrypt session communication: ephemeral keys
     SecureComparator – authenticate: OTR SMP + ECC, ZKP

  14. Themis
     crypto-backends: OpenSSL, BoringSSL, LibreSSL, BearSSL, DSTU, libsodium, native GoCrypto
     Themis Core: Soter, Themis
     language wrappers (stable / experimental): iOS, Android, Java, python, ruby, WASM, Go, rust, js, PHP, C++

  15. Themis Core (server & desktop OS)
     Ubuntu, Debian, CentOS / RHEL, macOS, Windows

  16. Themis Core (server & desktop OS)
     Ubuntu 20.04 x64, Ubuntu 18.04 x64, Ubuntu 16.04 x64, Ubuntu 16.04 x32
     Debian 11 x64, Debian 10 x64, Debian 9 x64, Debian 9 x32
     CentOS 8 x64, CentOS 7 x64
     macOS 11.5, macOS 10.15, macOS 10.14
     Windows

  17. Themis OSs
     Ubuntu 20.04 x64, Ubuntu 18.04 x64, Ubuntu 16.04 x64
     Debian 11 x64, Debian 10 x64, Debian 9 x64
     CentOS 8 x64, CentOS 7 x64
     macOS 11.5, macOS 10.15, macOS 10.16
     Windows
     iOS 10 - iOS 15
     Android API 23 - 30

  18. Cryptographic tools should be easy to use or hard to misuse?

  19. Easy to use
     make
     make test
     sudo make install

  20. Easy to use
     make
     make test
     sudo make install
     no one cares about your lib if they can't install it using their fav package manager

  21. Themis Core: install
     Ubuntu: apt-get install libthemis-dev
     Debian: apt-get install libthemis-dev
     CentOS / RHEL: yum install libthemis-devel
     macOS: brew install libthemis
     Windows: make nsis_installer

  22. Package managers
     npm install jsthemis
     pip install pythemis
     pip3 install pythemis
     gem install rbthemis
     mavenCentral()
     implementation 'com.cossacklabs.com:themis:0.13.11'
     npm install wasm-themis
     [dependencies]
     themis = "0.13.12"
     go get github.com/cossacklabs/themis/gothemis/...
     pod themis
     pod install
     github "cossacklabs/themis"
     carthage update

  23. iOS specifics
     OpenSSL / BoringSSL, Soter, Themis, Themis iOS (C lang, ObjC)
     ObjC app, Swift app: ObjC <> Swift interoperability
     package managers: CocoaPods, Carthage, SPM
     Xcode/Swift update, iOS update, device update, package manager update, Open/BoringSSL update

  24. iOS specifics

  26. Android specifics
     BoringSSL, Soter, Themis, Themis Java (C lang, Java <> C, Themis jni)
     Java app, Kotlin app: Java <> Kotlin interoperability

  27. Android specifics
     BoringSSL, Soter, Themis, Themis Java (C lang, Java <> C)
     Java app, Kotlin app: Java <> Kotlin interoperability
     Themis jni: complicated to debug, complicated to build

  28. BoringSSL
     github.com/cossacklabs/themis/pull/352
     CMake Error at /home/user/android-sdk/ndk-bundle/build/cmake/android.toolchain.cmake:169 (message): GCC is no longer supported.
     See https://android.googlesource.com/platform/ndk/+/master/docs/ClangMigration.md.

  29. BoringSSL
     github.com/cossacklabs/themis/pull/352
     CMake Error at /home/user/android-sdk/ndk-bundle/build/cmake/android.toolchain.cmake:169 (message): GCC is no longer supported.
     See https://android.googlesource.com/platform/ndk/+/master/docs/ClangMigration.md.
     gcc -> clang

  30. BoringSSL
     github.com/cossacklabs/themis/pull/447
     why so slow 🤔

  31. BoringSSL
     github.com/cossacklabs/themis/pull/447
     don't build examples 👍

  32. Multi-platform is hard
     BoringSSL is used in iOS libs by Google (Firebase)
     Themis iOS / BoringSSL

  33. Multi-platform is hard
     BoringSSL is used in iOS libs by Google (Firebase)
     Themis iOS / BoringSSL
     no AES XTS in BoringSSL iOS CocoaPod 😱

  34. Multi-platform is hard
     BoringSSL is used in iOS libs by Google (Firebase)
     Themis iOS / BoringSSL
     no AES XTS in BoringSSL iOS CocoaPod
     #define SOTER_BORINGSSL_DISABLE_XTS

  35. Hard to misuse

  36. Boring crypto
     Daniel J. Bernstein: "crypto that simply works, solidly resists attacks, never needs any upgrades."
     https://cr.yp.to/talks/2015.10.05/slides-djb-20151005-a4.pdf

  37. No options
     Bruce Schneier: "Don't give users options, because they will mess it up. Just tell them what to do."
     dev.to/cossacklabs/schneier-on-cryptography-live-interview-4mi7

  38. encryption integration
     abstraction level (complexity, pain): cipher -> crypto-library -> crypto-system -> boxed solution

  39. CommonCrypto AES

  40. Easy to make mistakes

  41. Easy to make mistakes 😬
     should be random
     should use KDF(key)
     uses AES CBC, not AES GCM
     padding? salt?

  42. Themis: hard to make mistakes
     github.com/cossacklabs/themis

  43. Themis: hard to make mistakes
     github.com/cossacklabs/themis
     hides cryptographic details: salt, IV, KDF, padding
     uses AES-256-GCM
     generates strong encryption key

  44. Themis: built-in KDF
     github.com/cossacklabs/themis
     hides cryptographic details: salt, IV, KDF, padding
     uses AES-256-GCM
     uses KDF to transform passphrase into key

  45. one API to rule them all

  46. Testing


  49. Testing
     unit tests: per each language; crypto: NIST-specified for PRNG & AES
     integration tests: per OS, per language
     memory, sanitizers, SAST: clang, Valgrind, Splint, Cppcheck
     fuzzing: AFL
     backwards compatibility tests: between versions

  50. CI & autotests
     integrated with Github
     unit tests, memory
     iOS, Android, macOS
     examples and tests
     everything
     cross-platform tests
     GitHub actions: everything

  51. Testing tools
     dev.to/cossacklabs/automated-software-security-testing-for-devs-part-1-gcf

  52. Security testing
     tests
     cryptocoding: github.com/veorq/cryptocoding (zeroing, minimization, memory, constant time checks, etc)
     internal review
     external audits
     cossacklabs.com/blog/macros-in-crypto-c-code.html

  53. One readme is not enough

  54. 1. Language-specific docs

  55. 1. Language-specific docs
     "give me code!"
     "too much to read"

  56. 2. "Safe to copypaste" code snippets

  57. 2. "Safe to copypaste" code snippets
     "how to use it in the app?"

  58. 3. Example applications


  60. 3. Example applications
     "but I am building unique app!"

  61. 4. Use case specific apps

  62. 4. Use case specific apps
     "your app works, but my app doesn't"

  63. 5. Codeless simulators
     debug the whole flow
     docs.cossacklabs.com/simulator/interactive/

  64. One readme is not enough
     1. Language-specific docs
     2. "Safe to copypaste" code snippets
     3. Example applications
     4. Tutorials and use case specific apps
     5. Codeless simulators


  66. Key points
     1. Encryption lib should be: multi-platform, maintained, secure by default, open sourced, easy to install, hard to misuse, tested.
     2. Supporting libs is VERY complicated.
     3. Better to spend time on features than the crypto code.

  67. WE ARE HIRING!
     jobs.dou.ua/companies/cossack-labs/vacancies/
     [email protected]