
Maintaining cryptographic library for 12 languages

vixentael
November 07, 2019

Maintaining a cross-platform cryptographic library is a journey full of unexpected bugs, language-specific hacks, difficult decisions and an endless struggle to make developer-facing APIs easy to use and hard to misuse.

https://github.com/cossacklabs/themis

This talk is useful for people who believe that the perfect crypto lib is a C lib with a 1-page readme :)

—————————————-

As developers, what do we want from cryptographic tools? They should be easy to use and hard to misuse, cover complete use-cases instead of providing bare crypto-primitives, follow language-specific style, and work the same way across numerous platforms and languages. Basically, we want less stress and more work done.

But is it so easy to maintain a cross-platform crypto library? How do you simplify complex crypto concepts into plain "encrypt(msg, key)" and "decrypt(data, key)" functions? How do you provide a unified API for 11 languages, when some of them are strongly typed and another one is JavaScript? Secure by default: what design choices protect users from misuse? Multi-platformness: how do you make sure that a message encrypted using Ruby on x64 Ubuntu 18.04 will be [successfully] decrypted on iOS 12 on an iPhone armv7s? Testing wildness: static analyzers, fuzzing, unit tests, integration tests. Docs: developers copy-paste from the readme anyway, so how do you make sure that they copy-paste the correct things?

I'll describe 4 years of experience maintaining the multi-platform open source library Themis: from API design to language-specific hacks.

Bonus questions:
- what maintainers completely forget about: the biggest fail reason for users.
- what is faster in Go: calling OpenSSL via c-Go interop or using native Go crypto primitives?
- how to deal with multi-platformness, if BoringSSL for iOS doesn't support AES XTS?
- epic bug with iOS-Android compatibility, which appears to be a sad story about `size_t`.
- switching cryptographic backends for fun and profit: switching between BoringSSL, OpenSSL, LibreSSL, ~libsodium and CommonCrypto~, and the governmental crypto standards of some countries, while keeping the same high-level API.

Key takeaways:
- cryptography is easy, but "secure by default" APIs are hard;
- never agree to support multi-platform libs;
- each language has unique hacks and typical mistakes, deal with it.

Transcript

  1. Maintaining cryptographic library for 12 languages @vixentael

  2. Maintaining cryptographic library for 12 languages 14 @vixentael

  3. @vixentael Head of customer solutions, security software engineer. Focused on data security, applied crypto and building e2ee schemes. vixentael.dev

  4. cossacklabs.com/products Data security tools & solutions. We make software to get data security right – from open-source and proprietary cryptographic tools to custom solutions and consulting. We are cryptographers, security engineers, system engineers, infrastructure engineers. @vixentael

  5. Working with companies that care about data security: critical infrastructure, healthcare, payment processors, ML/AI, popular apps — where data security is a hard requirement.
  6. USABLE

  7. Cryptographic Failures – #2 OWASP Top10 2021 @vixentael owasp.org/Top10/

  8. github.com/cossacklabs/themis Themis – the crypto lib: same API across 14 platforms, boring crypto, hidden crypto-details, recommended by OWASP, tons of docs, works on millions of devices, 7yo, supported by a team. @vixentael

  9. Where Themis is used? mobile apps, other libraries, chats, web-first apps, Cossack Labs software, critical infra, fintech, AI/ML apps. docs.cossacklabs.com/themis/community/projects-that-use-themis/ @vixentael
  10. End-to-end encryption in Bear blog.bear.app/ cossacklabs.com/case-studies/bear/ @vixentael

  11. ML models encryption in AI/ML app cossacklabs.com/case-studies/ai-ml-ip-protection/ @vixentael

  12. Solve security use-cases: I want to store data securely; I want to send data securely; I want to verify data integrity. @vixentael

  13. Themis: cryptosystems. SecureCell (store encrypted): built-in key gen, built-in KDF, AES GCM / AES CTR. SecureMessage (encrypt for someone): ECDH + ECC + AES, ECC + ECDSA / RSA + PSS + PKCS#7. SecureSession (encrypt session communication): ephemeral keys. SecureComparator (authenticate): OTR SMP + ECC ZKP. github.com/cossacklabs/themis @vixentael

  14. Themis crypto-backends: OpenSSL, BoringSSL, LibreSSL, BearSSL, DSTU, libsodium, native GoCrypto. Core: Soter, Themis Core. Language wrappers: iOS, Android, Java, python, ruby, WASM, Go, rust, js, PHP, C++ (stable / experimental). @vixentael

  15. Themis Core (server & desktop OS): Ubuntu, Debian, CentOS / RHEL, macOS, Windows. @vixentael

  16. Themis Core (server & desktop OS): Ubuntu 20.04 x64, Debian 11 x64, Ubuntu 18.04 x64, CentOS 8 x64, Debian 10 x64, Debian 9 x64, macOS 11.5, macOS 10.15, macOS 10.14, Windows, Ubuntu 16.04 x64, CentOS 7 x64, Ubuntu 16.04 x32, Debian 9 x32. @vixentael

  17. Themis OSs: Ubuntu 20.04 x64, Debian 11 x64, Ubuntu 18.04 x64, CentOS 7 x64, Ubuntu 16.04 x64, Debian 10 x64, Debian 9 x64, CentOS 8 x64, macOS 11.5, macOS 10.15, macOS 10.16, Windows, iOS 10 - iOS 15, Android API 23 - 30. @vixentael

  18. Cryptographic tools should be: easy to use or hard to misuse?
  19. Easy to use: make; make test; sudo make install. @vixentael

  20. Easy to use: make; make test; sudo make install. No one cares about your lib if they can't install it using their fav package manager. @vixentael

  21. Themis Core: install. Ubuntu: apt-get install libthemis-dev; Debian: apt-get install libthemis-dev; CentOS / RHEL: yum install libthemis-devel; macOS: brew install libthemis; Windows: make nsis_installer. @vixentael

  22. Package managers: npm install jsthemis; pip install pythemis; pip3 install pythemis; gem install rbthemis; mavenCentral() implementation 'com.cossacklabs.com:themis:0.13.11'; npm install wasm-themis; [dependencies] themis = "0.13.12"; go get github.com/cossacklabs/themis/gothemis/...; pod themis, pod install; github "cossacklabs/themis", carthage update. @vixentael

  23. iOS specifics. Layers: OpenSSL / BoringSSL, Soter, Themis, Themis iOS; C lang, ObjC, ObjC app / Swift app, ObjC <> Swift interoperability. Package managers: CocoaPods, Carthage, SPM. Things that break: Xcode/Swift update, iOS update, device update, package manager update, Open/BoringSSL update. @vixentael

  24. iOS specifics @vixentael

  25. None
  26. Android specifics. Layers: Soter, Themis, Themis Java, BoringSSL; C lang, Java <> C, Java app / Kotlin app, Java <> Kotlin interoperability; Themis jni. @vixentael

  27. Android specifics. Layers: Soter, Themis, Themis Java, BoringSSL; C lang, Java <> C, Java app / Kotlin app, Java <> Kotlin interoperability; Themis jni: complicated to debug, complicated to build. @vixentael

  28. BoringSSL github.com/cossacklabs/themis/pull/352 CMake Error at /home/user/android-sdk/ndk-bundle/build/cmake/android.toolchain.cmake:169 (message): GCC is no longer supported. See https://android.googlesource.com/platform/ndk/+/master/docs/ClangMigration.md. @vixentael

  29. BoringSSL github.com/cossacklabs/themis/pull/352 CMake Error at /home/user/android-sdk/ndk-bundle/build/cmake/android.toolchain.cmake:169 (message): GCC is no longer supported. See https://android.googlesource.com/platform/ndk/+/master/docs/ClangMigration.md. gcc -> clang @vixentael
  30. BoringSSL github.com/cossacklabs/themis/pull/447 why so slow 🤔 @vixentael

  31. BoringSSL don’t build examples 👍 github.com/cossacklabs/themis/pull/447 @vixentael

  32. Multi-platform is hard: BoringSSL is used in iOS libs by Google (Firebase). Themis iOS, BoringSSL. @vixentael

  33. Multi-platform is hard: BoringSSL is used in iOS libs by Google (Firebase). Themis iOS, BoringSSL: no AES XTS in BoringSSL iOS CocoaPod 😱 😱 😱 😱 😱 😱 @vixentael

  34. Multi-platform is hard: BoringSSL is used in iOS libs by Google (Firebase). Themis iOS, BoringSSL: no AES XTS in BoringSSL iOS CocoaPod. #define SOTER_BORINGSSL_DISABLE_XTS @vixentael
  35. Hard to misuse

  36. Boring crypto — crypto that simply works, solidly resists attacks, never needs any upgrades. Daniel J. Bernstein, https://cr.yp.to/talks/2015.10.05/slides-djb-20151005-a4.pdf @vixentael

  37. No options. "Don't give users options, because they will mess it up. Just tell them what to do." Bruce Schneier, dev.to/cossacklabs/schneier-on-cryptography-live-interview-4mi7 @vixentael

  38. Encryption integration (chart: abstraction level vs complexity, i.e. pain): cipher, crypto-library, crypto-system, boxed solution. @vixentael
  39. CommonCrypto AES @vixentael

  40. Easy to make mistakes @vixentael

  41. Easy to make mistakes (CommonCrypto AES, annotated): should be random; should use KDF(key); uses AES CBC, not AES GCM; padding? salt? 😬 @vixentael
  42. github.com/cossacklabs/themis Themis: hard to make mistakes @vixentael

  43. Themis: hard to make mistakes. Hides cryptographic details: salt, IV, KDF, padding; uses AES-256-GCM; generates strong encryption key. github.com/cossacklabs/themis @vixentael

  44. Themis: built-in KDF. Hides cryptographic details: salt, IV, KDF, padding; uses AES-256-GCM; uses KDF to transform passphrase into key. github.com/cossacklabs/themis @vixentael
  45. one API to rule them all @vixentael

  46. Testing

  47. Testing @vixentael

  48. Testing @vixentael

  49. Testing: fuzzing (AFL); memory, sanitizers, SAST (clang, Valgrind, Splint, Cppcheck); integration tests per OS, per language; unit tests per each language, crypto: NIST-specified for PRNG & AES; backwards compatibility tests between versions. @vixentael

  50. CI & autotests integrated with GitHub: unit tests, memory; iOS, Android, macOS examples and tests; cross-platform tests; GitHub Actions: everything. @vixentael

  51. Testing tools dev.to/cossacklabs/automated-software-security-testing-for-devs-part-1-gcf @vixentael

  52. Security testing: cryptocoding (github.com/veorq/cryptocoding: zeroing, minimization, memory, constant time checks, etc), internal review, external audits, tests. cossacklabs.com/blog/macros-in-crypto-c-code.html @vixentael
  53. One readme is not enough

  54. 1. Language-specific docs @vixentael

  55. 1. Language-specific docs: "give me code!", "too much to read" @vixentael

  56. @vixentael 2. "Safe to copypaste" code snippets

  57. 2. "Safe to copypaste" code snippets: "how to use it in the app?" @vixentael
  58. 3. Example applications @vixentael

  59. 3. Example applications @vixentael

  60. 3. Example applications “but I am building unique app!” @vixentael

  61. 4. Use case specific apps @vixentael

  62. 4. Use case specific apps: "your app works, but my app doesn't" @vixentael

  63. 5. Codeless simulators: debug the whole flow. docs.cossacklabs.com/simulator/interactive/ @vixentael

  64. One readme is not enough: 1. Language-specific docs; 2. "Safe to copypaste" code snippets; 3. Example applications; 4. Tutorials and use case specific apps; 5. Codeless simulators. @vixentael
  65. @vixentael

  66. Key points. 1. Encryption lib should be: multi-platform, maintained, secure by default, open sourced, easy to install, hard to misuse, tested. 2. Supporting libs is VERY complicated. 3. Better to spend time on features than the crypto code. @vixentael

  67. WE ARE HIRING! jobs.dou.ua/companies/cossack-labs/vacancies/ jobs@cossacklabs.com @vixentael