What's New in Go Crypto - Gotham Go

What’s new in Go Crypto?
Nick Sullivan (@grittygrease)
GothamGo
October 2, 2015

Go’s Crypto Packages
AES, DES, RC4
RSA, ECDSA
SHA-1, SHA-2
HMAC

Go’s Crypto Packages
X.509
TLS

Who gits the blame?
21202 Adam Langley
5099 David Crawshaw
3901 Russ Cox
1576 Yasuhiro Matsumoto
1542 Vlad Krasnov
1216 Joel Sing
1190 Robert Griesemer
653 Nan Deng
641 Dave Cheney
610 Mikkel Krautz
560 Kyle Isom
557 Rob Pike
553 Jonathan Rodenberg
499 Shenghou Ma
397 Gautham Thambidorai
395 Brad Fitzpatrick
389 Nevins Bartolomeo
351 Jacob H. Haven
345 Han-Wen Nienhuys
330 Luit van Drongelen
317 Rémy Oudompheng
282 Conrad Meyer
281 Taru Karttunen
280 Paul van Brouwershaven
260 David Leon Gil
241 Roger Peppe
233 Nick Craig-Wood
219 Benjamin Black
211 Jeff Wendling
196 Anthony Martin
167 Andy Davis
159 Peter Mundy
153 Jeff R. Allen
152 Josh Bleecher Snyder
151 Shawn Smith
123 Nick Sullivan

Who gits the blame?
1542 Vlad Krasnov
560 Kyle Isom
351 Jacob H. Haven
123 Nick Sullivan

[Timeline: Go 1.0, 1.1, 1.2, 1.3, 1.4, 1.5 against 2012 to 2016]

[Timeline: Go 1.0 to 1.5, 2012 to 2016; labels: rrdns, cfssl, gokeyless, railgun]

RAILGUN
Defying Physics on the Web

[Timeline: Go 1.0 to 1.5, 2012 to 2016; labels: railgun]

Encrypted with TLS…huge CPU hog

[Timeline: Go 1.0 to 1.5, 2012 to 2016; labels: Go Crypto RC4, railgun]

Vlad The Compiler
• Assembly implementation of AES-GCM
• In Go master in time for 1.6

AES-GCM Performance
benchmark                old MB/s   new MB/s   speedup
BenchmarkAESGCMSeal8K    89.31      2559.62    28.66x
BenchmarkAESGCMOpen8K    89.54      2463.78    27.52x
BenchmarkAESGCMSeal1K    86.24      1872.49    21.71x
BenchmarkAESGCMOpen1K    86.53      1721.78    19.90x

AES-GCM Assembly
    if hasGCMAsm() {
        return &aesCipherGCM{c}, nil
    }
src/crypto/aes/gcm_amd64.s

[Timeline: Go 1.0 to 1.5, 2012 to 2016; labels: Go Crypto RC4, MorsingTime, Go Crypto AES-GCM, Use CSRs, railgun, ECDSA Certs]

CFSSL
Full-featured CA
X.509 Certificate Chain Bundler
TLS configuration scanner

[Timeline: Go 1.0 to 1.5, 2012 to 2016; labels: CFSSL]

How Railguns Get Keys

PKI the whole internal infrastructure

[Timeline: Go 1.0 to 1.5, 2012 to 2016; labels: CFSSL, ECDSA support in x509, CSR Support, Open Source]

crypto.Signer: a private key interface
    type Signer interface {
        Public() PublicKey
        Sign(rand io.Reader, msg []byte, opts SignerOpts) (signature []byte, err error)
    }
rsa.PrivateKey and ecdsa.PrivateKey both implement Signer

PKCS#11
github.com/cloudflare/cfssl/crypto/pkcs11key
    type PKCS11Key struct {
        module           *pkcs11.Ctx
        slotDescription  string
        pin              string
        publicKey        rsa.PublicKey
        privateKeyHandle pkcs11.ObjectHandle
    }

PKCS#11
    func (ps *PKCS11Key) Sign(rand io.Reader, msg []byte, opts crypto.SignerOpts) (signature []byte, err error) {
        // Verify that the length of the hash is as expected
        hash := opts.HashFunc()
        hashLen := hash.Size()
        if len(msg) != hashLen {
            err = errors.New("input size does not match hash function output size")
            return
        }

        // Add DigestInfo prefix
        mechanism := []*pkcs11.Mechanism{pkcs11.NewMechanism(pkcs11.CKM_RSA_PKCS, nil)}
        prefix, ok := hashPrefixes[hash]
        if !ok {
            err = errors.New("unknown hash function")
            return
        }
        signatureInput := append(prefix, msg...)

        // Open a session
        session, err := ps.openSession()
        if err != nil {
            return
        }
        defer ps.closeSession(session)

        // Perform the sign operation
        err = ps.module.SignInit(session, mechanism, ps.privateKeyHandle)
        if err != nil {
            return
        }

        signature, err = ps.module.Sign(session, signatureInput)
        return
    }

[Timeline: Go 1.0 to 1.5, 2012 to 2016; labels: CFSSL, ECDSA support in x509, CSR Support, crypto.Signer interface, PKCS#11 Support, Open Source]

RRDNS
Authoritative DNS Server and DNS Proxy

[Timeline: Go 1.0 to 1.5, 2012 to 2016; labels: rrdns]

Authoritative Servers

Cache Poisoning (Kaminsky’s attack)
[Diagram: Resolver and Authoritative Server. Q: what is the IP address of cloudflare.com. A: 198.41.213.157, alongside many copies of A: 6.6.6.6]

Man-in-the-middle
[Diagram: Resolver and Authoritative Server. Q: what is the IP address of cloudflare.com. A: 198.41.213.157 and A: 6.6.6.6]

Solution: DNSSEC (done right)
Digital signatures in the DNS
Live-signed answers
Elliptic curve keys

Vlad The Compiler
github.com/cloudflare/go
• Assembly implementation of P256
• In Go: soon… copyright issues with Intel

P256 Performance Improvement
ECDSA Sign: 21X
ECDSA Verify: 9X
BaseMult (ECDH): 30X

[Timeline: Go 1.0 to 1.5, 2012 to 2016; labels: rrdns, FilippoTime, DNSSEC Prototype, P256 ASM, DNSSEC Beta, crypto.Signer, ???]

gokeyless
taking the private key out of TLS

TLS in RSA mode
[Diagram: Private Key]

TLS in RSA mode - Keyless
[Diagram: Private Key]

Geography of TLS

Geography of Keyless SSL

[Timeline: Go 1.0 to 1.5, 2012 to 2016; labels: gokeyless, keyless (C), HavenTime]

New interface: crypto.Decrypter
    type Signer interface {
        Public() PublicKey
        Sign(rand io.Reader, msg []byte, opts SignerOpts) (signature []byte, err error)
    }

    type Decrypter interface {
        Public() PublicKey
        Decrypt(rand io.Reader, msg []byte, opts DecrypterOpts) (plaintext []byte, err error)
    }

Using it in TLS
    return &tls.Config{
        Certificates: []tls.Certificate{cert},
        RootCAs:      SystemRoots,
        ServerName:   host,
        CipherSuites: CipherSuites,
        MinVersion:   tls.VersionTLS12,
    }

    type Certificate struct {
        Certificate                 [][]byte
        PrivateKey                  crypto.PrivateKey
        OCSPStaple                  []byte
        SignedCertificateTimestamps [][]byte
        Leaf                        *x509.Certificate
    }

Vlad The Compiler
github.com/cloudflare/go
• Assembly implementation of RSA
• In Go 1.5

RSA Performance
benchmark                  old ns/op   new ns/op   delta
BenchmarkRSA2048Decrypt    6696649     3073769     -54.10%

New additions to Go 1.5
crypto.Decrypter, crypto.Signer support in x509, tls
AES_256_GCM_SHA384 cipher suites
Faster RSA operations

[Timeline: Go 1.0 to 1.5, 2012 to 2016; labels: gokeyless, keyless (C), opaque keys in TLS, HavenTime, AES 256, RSA ASM]

This is now possible in Go
TLS load balancer backed by hardware (PKCS#11, TPM coming soon)
Arbitrary RSA/ECDSA Implementations

[Timeline: Go 1.0 to 1.5, 2012 to 2016; labels: rrdns, cfssl, gokeyless, railgun]

❤ Go Crypto