What’s new in Go Crypto?
Nick Sullivan (@grittygrease)
GothamGo
October 2, 2015
What's New in Go Crypto - Gotham Go

If you don’t know, now you know… Go has an amazing cryptography package built into the standard library. In Go 1.5 it’s better than ever. Join CloudFlare’s Nick Sullivan for a presentation that explores the new interfaces crypto.Signer and crypto.Decrypter. Learn how they can be used to enable some powerful new features. Nick will also cover how his team improved the speed of crypto operations by up to 20x using Go’s inline assembly feature. Attendees will also uncover how to enable cool features like serving a website over HTTPS while storing the private key inside of hardware like a Trusted Platform Module (TPM) or a Hardware Security Module (HSM)!

Published in: Technology

  1. What’s new in Go Crypto? Nick Sullivan (@grittygrease), GothamGo, October 2, 2015
  2. Go’s Crypto Packages: AES, DES, RC4; RSA, ECDSA; SHA-1, SHA-2; HMAC
  3. Go’s Crypto Packages: X.509, TLS
  4. Who gits the blame? 21202 Adam Langley, 5099 David Crawshaw, 3901 Russ Cox, 1576 Yasuhiro Matsumoto, 1542 Vlad Krasnov, 1216 Joel Sing, 1190 Robert Griesemer, 653 Nan Deng, 641 Dave Cheney, 610 Mikkel Krautz, 560 Kyle Isom, 557 Rob Pike, 553 Jonathan Rodenberg, 499 Shenghou Ma, 397 Gautham Thambidorai, 395 Brad Fitzpatrick, 389 Nevins Bartolomeo, 351 Jacob H. Haven, 345 Han-Wen Nienhuys, 330 Luit van Drongelen, 317 Rémy Oudompheng, 282 Conrad Meyer, 281 Taru Karttunen, 280 Paul van Brouwershaven, 260 David Leon Gil, 241 Roger Peppe, 233 Nick Craig-Wood, 219 Benjamin Black, 211 Jeff Wendling, 196 Anthony Martin, 167 Andy Davis, 159 Peter Mundy, 153 Jeff R. Allen, 152 Josh Bleecher Snyder, 151 Shawn Smith, 123 Nick Sullivan
  5. Who gits the blame? (same list as slide 4) 1542 Vlad Krasnov, 560 Kyle Isom, 351 Jacob H. Haven, 123 Nick Sullivan
  6. [Timeline: Go 1.0 to 1.5, 2012 to 2016]
  7. [Timeline: Go 1.0 to 1.5, 2012 to 2016] rrdns, cfssl, gokeyless, railgun
  8. RAILGUN: Defying Physics on the Web
  9. [Timeline: Go 1.0 to 1.5, 2012 to 2016] railgun
  10. Encrypted with TLS …huge CPU hog
  11. [Timeline: Go 1.0 to 1.5, 2012 to 2016] Go Crypto RC4 railgun
  12. Vlad The Compiler
  13. Vlad The Compiler • Assembly implementation of AES-GCM • In Go master in time for 1.6
  14. AES-GCM Performance

      ```text
      benchmark                old MB/s   new MB/s   speedup
      BenchmarkAESGCMSeal8K    89.31      2559.62    28.66x
      BenchmarkAESGCMOpen8K    89.54      2463.78    27.52x
      BenchmarkAESGCMSeal1K    86.24      1872.49    21.71x
      BenchmarkAESGCMOpen1K    86.53      1721.78    19.90x
      ```
  15. AES-GCM Assembly (src/crypto/aes/gcm_amd64.s)

      ```go
      if hasGCMAsm() {
      	return &aesCipherGCM{c}, nil
      }
      ```
  16. [Timeline: Go 1.0 to 1.5, 2012 to 2016] Go Crypto RC4 MorsingTime Go Crypto AES-GCM Use CSRs railgun ECDSA Certs
  17. CFSSL: Full-featured CA; X.509 Certificate Chain Bundler; TLS configuration scanner
  18. [Timeline: Go 1.0 to 1.5, 2012 to 2016] CFSSL
  19. How Railguns Get Keys
  20. (no text on this slide)
  21. PKI the whole internal infrastructure
  22. [Timeline: Go 1.0 to 1.5, 2012 to 2016] CFSSL ECDSA support in x509 CSR Support Open Source
  23. crypto.Signer: a private key interface

      ```go
      type Signer interface {
      	Public() PublicKey
      	Sign(rand io.Reader, msg []byte, opts SignerOpts) (signature []byte, err error)
      }
      ```

      rsa.PrivateKey and ecdsa.PrivateKey both implement Signer
  24. PKCS#11: github.com/cloudflare/cfssl/crypto/pkcs11key

      ```go
      type PKCS11Key struct {
      	module           *pkcs11.Ctx
      	slotDescription  string
      	pin              string
      	publicKey        rsa.PublicKey
      	privateKeyHandle pkcs11.ObjectHandle
      }
      ```
  25. PKCS#11

      ```go
      func (ps *PKCS11Key) Sign(rand io.Reader, msg []byte, opts crypto.SignerOpts) (signature []byte, err error) {
      	// Verify that the length of the hash is as expected
      	hash := opts.HashFunc()
      	hashLen := hash.Size()
      	if len(msg) != hashLen {
      		err = errors.New("input size does not match hash function output size")
      		return
      	}

      	// Add DigestInfo prefix
      	mechanism := []*pkcs11.Mechanism{pkcs11.NewMechanism(pkcs11.CKM_RSA_PKCS, nil)}
      	prefix, ok := hashPrefixes[hash]
      	if !ok {
      		err = errors.New("unknown hash function")
      		return
      	}
      	signatureInput := append(prefix, msg...)

      	// Open a session
      	session, err := ps.openSession()
      	if err != nil {
      		return
      	}
      	defer ps.closeSession(session)

      	// Perform the sign operation
      	err = ps.module.SignInit(session, mechanism, ps.privateKeyHandle)
      	if err != nil {
      		return
      	}

      	signature, err = ps.module.Sign(session, signatureInput)
      	return
      }
      ```
  26. [Timeline: Go 1.0 to 1.5, 2012 to 2016] CFSSL ECDSA support in x509 CSR Support crypto.Signer interface PKCS#11 Support Open Source
  27. RRDNS: Authoritative DNS Server and DNS Proxy
  28. [Timeline: Go 1.0 to 1.5, 2012 to 2016] rrdns
  29. Authoritative Servers
  30. Cache Poisoning (Kaminsky’s attack)
      Resolver, Authoritative Server
      Q: what is the IP address of cloudflare.com
      A: 198.41.213.157
      A: 6.6.6.6 A: 6.6.6.6 A: 6.6.6.6 A: 6.6.6.6 A: 6.6.6.6 A: 6.6.6.6 A: 6.6.6.6
  31. Man-in-the-middle
      Resolver, Authoritative Server
      Q: what is the IP address of cloudflare.com
      A: 198.41.213.157
      A: 6.6.6.6
  32. Solution: DNSSEC (done right). Digital signatures in the DNS; live-signed answers; elliptic curve keys
  33. Vlad The Compiler: github.com/cloudflare/go • Assembly implementation of P256 • In Go: soon… copyright issues with Intel
  34. P256 Performance Improvement. ECDSA Sign: 21X; ECDSA Verify: 9X; BaseMult (ECDH): 30X
  35. [Timeline: Go 1.0 to 1.5, 2012 to 2016] rrdns FilippoTime DNSSEC Prototype P256 ASM DNSSEC Beta crypto.Signer ???
  36. gokeyless: taking the private key out of TLS
  37. TLS in RSA mode (diagram label: Private Key)
  38. TLS in RSA mode - Keyless (diagram label: Private Key)
  39. Geography of TLS
  40. Geography of Keyless SSL
  41. [Timeline: Go 1.0 to 1.5, 2012 to 2016] gokeyless keyless (C) HavenTime
  42. New interface: crypto.Decrypter

      ```go
      type Signer interface {
      	Public() PublicKey
      	Sign(rand io.Reader, msg []byte, opts SignerOpts) (signature []byte, err error)
      }

      type Decrypter interface {
      	Public() PublicKey
      	Decrypt(rand io.Reader, msg []byte, opts DecrypterOpts) (plaintext []byte, err error)
      }
      ```
  43. Using it in TLS

      ```go
      return &tls.Config{
      	Certificates: []tls.Certificate{cert},
      	RootCAs:      SystemRoots,
      	ServerName:   host,
      	CipherSuites: CipherSuites,
      	MinVersion:   tls.VersionTLS12,
      }
      ```

      ```go
      type Certificate struct {
      	Certificate                 [][]byte
      	PrivateKey                  crypto.PrivateKey
      	OCSPStaple                  []byte
      	SignedCertificateTimestamps [][]byte
      	Leaf                        *x509.Certificate
      }
      ```
  44. Vlad The Compiler: github.com/cloudflare/go • Assembly implementation of RSA • In Go 1.5
  45. RSA Performance

      ```text
      benchmark                  old ns/op   new ns/op   delta
      BenchmarkRSA2048Decrypt    6696649     3073769     -54.10%
      ```
  46. New additions to Go 1.5: crypto.Decrypter, crypto.Signer support in x509, tls; AES_256_GCM_SHA384 cipher suites; faster RSA operations
  47. [Timeline: Go 1.0 to 1.5, 2012 to 2016] gokeyless keyless (C) opaque keys in TLS HavenTime AES 256 RSA ASM
  48. This is now possible in Go: TLS load balancer backed by hardware (PKCS#11, TPM coming soon); arbitrary RSA/ECDSA implementations
  49. [Timeline: Go 1.0 to 1.5, 2012 to 2016] rrdns cfssl gokeyless railgun
  50. ❤ Go Crypto
  51. What’s new in Go Crypto? Nick Sullivan (@grittygrease), GothamGo, October 2, 2015
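
Slides 23 to 25 and 43 to 48 describe giving crypto/tls a key it can reach only through crypto.Signer. The following is an added example, not code from the talk, CFSSL or gokeyless: a hypothetical `opaqueSigner` hides a software ECDSA key (standing in for a PKCS#11 or remote backend), self-signs a constructed certificate for `example.test`, and serves a TLS handshake over an in-memory pipe.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"io"
	"math/big"
	"net"
	"time"
)

// opaqueSigner (hypothetical) stands in for an HSM or key server: the TLS
// stack sees only Public() and Sign(), never the key material behind them.
type opaqueSigner struct{ key *ecdsa.PrivateKey }

func (s opaqueSigner) Public() crypto.PublicKey { return &s.key.PublicKey }
func (s opaqueSigner) Sign(r io.Reader, digest []byte, opts crypto.SignerOpts) ([]byte, error) {
	if len(digest) != opts.HashFunc().Size() { // same guard as the PKCS#11 slide
		return nil, fmt.Errorf("input size %d does not match hash output size", len(digest))
	}
	return s.key.Sign(r, digest, opts) // a real backend would call the device here
}

// Handshake self-signs a constructed cert via s, then handshakes over an in-memory pipe.
func Handshake() error {
	k, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	s := opaqueSigner{k}
	t := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{"example.test"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, t, t, s.Public(), s)
	if err != nil {
		return err
	}
	leaf, _ := x509.ParseCertificate(der)
	pool := x509.NewCertPool()
	pool.AddCert(leaf)
	cc, sc := net.Pipe()
	srv := tls.Server(sc, &tls.Config{SessionTicketsDisabled: true, // no ticket write on the unbuffered pipe
		Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: s}}})
	go srv.Handshake() // signs CertificateVerify through s; the client below verifies it
	return tls.Client(cc, &tls.Config{RootCAs: pool, ServerName: "example.test"}).Handshake()
}

func main() { fmt.Println("handshake error:", Handshake()) }
```

The client accepts the connection only if the signature produced through `Sign` verifies against the certificate's public key, so a nil error shows the opaque key was sufficient.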
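
Slides 37, 38 and 42 cover RSA-mode TLS with the private key held elsewhere and reached through crypto.Decrypter. This added example is not from the talk or gokeyless; `keyServer`, `premaster` and `Demo` are hypothetical names and the secret is constructed. It shows the call shape with `rsa.PKCS1v15DecryptOptions` and what `SessionKeyLen` does with a tampered ciphertext.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"fmt"
	"io"
)

// keyServer (hypothetical) models the key holder in a keyless setup: the TLS
// terminator reaches the RSA key only through the crypto.Decrypter interface.
type keyServer struct{ key *rsa.PrivateKey }

func (k keyServer) Public() crypto.PublicKey { return &k.key.PublicKey }

func (k keyServer) Decrypt(r io.Reader, ct []byte, opts crypto.DecrypterOpts) ([]byte, error) {
	return k.key.Decrypt(r, ct, opts) // a real backend would forward this call
}

// premaster recovers a 48-byte premaster secret through any Decrypter.
// SessionKeyLen makes a padding failure yield random bytes instead of an
// error, so the caller does not reveal whether the padding was valid.
func premaster(d crypto.Decrypter, ct []byte) ([]byte, error) {
	return d.Decrypt(rand.Reader, ct, &rsa.PKCS1v15DecryptOptions{SessionKeyLen: 48})
}

// Demo reports: round trip matched, tampered input returned no error,
// tampered output equals the real secret.
func Demo() (bool, bool, bool) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	var d crypto.Decrypter = keyServer{key}
	secret := make([]byte, 48) // constructed premaster secret
	rand.Read(secret)
	ct, _ := rsa.EncryptPKCS1v15(rand.Reader, &key.PublicKey, secret)
	got, err := premaster(d, ct)
	ok := err == nil && bytes.Equal(got, secret)
	bad := append([]byte(nil), ct...)
	bad[len(bad)-1] ^= 1 // constructed tampering of the ciphertext
	junk, err := premaster(d, bad)
	return ok, err == nil, bytes.Equal(junk, secret)
}

func main() { fmt.Println(Demo()) }
```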
