Security

L406-D1S1-Adventures in the Dungeons of OpenSSL

by Ryo Kajiwara

In "Adventures in the Dungeons of OpenSSL", delivered at RubyConf Taiwan 2023, Ryo Kajiwara explores Hybrid Public Key Encryption (HPKE) and its implementation within Ruby's OpenSSL gem.

Key Points Discussed:

  • Introduction to the Speaker: Ryo Kajiwara, a freelance web developer specializing in digital identity and security, shares his background and experience with cryptography and internet standards.
  • Understanding Cryptographic APIs: The talk stresses that cryptographic APIs are easy to misuse, and that misuse can lead to significant security vulnerabilities with catastrophic consequences.
  • Exploration of HPKE: Kajiwara provides a comprehensive overview of HPKE (RFC 9180), describing its functionality in Ruby. He explains how public key encryption works, showcasing the process where a user generates a public-private key pair and uses it for secure message exchanges.
  • Implementation Challenges: The implementation of HPKE faced challenges due to unavailable features in Ruby's OpenSSL, prompting Kajiwara to dive deep into OpenSSL's functionalities like elliptic curve support and various cipher suites. He discusses the importance of using well-documented and secure APIs to avoid pitfalls.
  • Technical Dive: The complexities involved in creating OpenSSL keys and handling ASN.1 sequences are explained, showcasing the difficulty of navigating these technical elements and the necessity of precise control over data structures.
  • Beta Release and Future Work: Kajiwara also mentions the current state of his HPKE implementation available on GitHub, highlighting the ongoing experimental phase and the need for caution in production environments. The aim is to build C extensions that facilitate better integration between Ruby and C, enhancing Ruby’s capabilities in cryptography.
  • Acknowledgments and Community Engagement: He expresses gratitude towards contributors in the cryptographic and Ruby community, urging developers to ensure they have an adequate understanding of cryptographic principles before delving into implementations.

Main Takeaways:

  • The careful implementation of cryptographic functions is crucial to avoid security vulnerabilities.
  • HPKE aims to simplify secure encryption processes while encouraging best practices in its usage within Ruby.
  • Continuous learning and community engagement are key to advancing Ruby’s role in cryptography and security.
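
The "Technical Dive" point above mentions creating OpenSSL keys by way of ASN.1 sequences. As an added example (not the speaker's code or the HPKE gem's), this is one way to build an EC key from a specific private scalar with Ruby's OpenSSL bindings; the curve (P-256), the RFC 5915 ECPrivateKey layout, the helper name and the sample scalars are assumptions made for illustration.

```ruby
require "openssl"

# Hypothetical helper: wrap a caller-supplied raw scalar in a DER-encoded
# ECPrivateKey (RFC 5915) so OpenSSL::PKey::EC can load it as a private key.
def ec_key_from_scalar(priv_bytes, curve = "prime256v1")
  group = OpenSSL::PKey::EC::Group.new(curve)
  size = (group.degree + 7) / 8
  raise ArgumentError, "scalar must be #{size} bytes" unless priv_bytes.bytesize == size

  d = OpenSSL::BN.new(priv_bytes, 2) # 2 = big-endian binary input
  # A valid private scalar lies in [1, n-1], where n is the group order.
  if d.zero? || d.cmp(group.order) >= 0
    raise ArgumentError, "scalar out of range [1, n-1]"
  end

  pub = group.generator.mul(d) # public point = d * G
  der = OpenSSL::ASN1::Sequence([
    OpenSSL::ASN1::Integer(1),                     # version = ecPrivkeyVer1
    OpenSSL::ASN1::OctetString(priv_bytes),        # privateKey
    OpenSSL::ASN1::ObjectId(curve, 0, :EXPLICIT),  # [0] named curve
    OpenSSL::ASN1::BitString(pub.to_octet_string(:uncompressed), 1, :EXPLICIT) # [1] publicKey
  ]).to_der

  key = OpenSSL::PKey::EC.new(der)
  key.check_key # raises if the encoded key is inconsistent
  key
end

# Constructed sample scalars, for demonstration only; never use fixed keys.
SK_A = ("\x11" * 32).b
SK_B = ("\x22" * 32).b

# Both sides of an ECDH exchange must arrive at the same shared secret.
def demo_shared_secrets
  a = ec_key_from_scalar(SK_A)
  b = ec_key_from_scalar(SK_B)
  [a.dh_compute_key(b.public_key), b.dh_compute_key(a.public_key)]
end
```
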
00:00:24.480 Hey, good morning everyone! Welcome to RubyConf Taiwan 2023, and I hope you have a great experience today. Can you raise your hand if this is your first time here? Oh, not only me, okay, thank you.
00:00:31.880 We are sorry for starting late due to the schedule. If you have any questions during the talk, you can go to the RubyConf Taiwan 2023 website, and under the speaker's avatar, there's a slider where you can write down your questions. I will address them later, or you can ask directly.
00:00:51.600 Our first speaker will talk about an adventure in the dungeons of OpenSSL. Without further ado, let’s start now. Thank you!
00:01:30.600 Welcome to my talk! I’m Ryo Kajiwara. Slides are available right here. Please make sure that the QR code is scanned, no malicious content here. I’ll wait for about 30 seconds so you can grab the slides. I believe there are around 82 pages of material that cover advanced topics you might want to look up later.
00:01:50.240 These slides will be available online, and I’ll start in about five seconds. Four, three, two, one, let's go! Hello everyone! I handle a lot of stuff. If anything piques your interest, let’s talk later.
00:02:10.879 I am a freelance web developer focusing on digital identity and security. I'm currently working at Coda, developing identity platforms for public schools. I have experience in writing, editing, and implementing internet standards.
00:02:38.879 I've worked with HTTPS and local network community groups and the web of things working group at W3C, as well as the Messaging Layer Security working group at IETF. Additionally, I served as an officer of the Internet Society Japan chapter for four years.
00:03:07.599 I hail from a region in Japan known as Shoku. Is there anything wrong with this map? There's an island missing here, and I’m from that island.
00:03:24.280 My ticket this time was from the mountain of the S, and this picture shows a clock that exists in this area, coming from the same region. I heard that direct flights from Tan Airport to Diama will resume operation next March, so if you have a chance, please visit us.
00:03:39.680 That's the introduction. Before I start talking about Dungeons, I must mention that there be dragons—Dungeons and Dragons, am I right? My first real game features a Chinese dragon character, so it's also reminiscent of that.
00:04:07.799 Today, I will be discussing cryptographic APIs. They can be very easy to misuse, and you may have heard of PAR, which is a demon castle. Unlike typical dungeons, the dangers here can lead to security breaches, which is something we definitely want to avoid.
00:04:29.520 I've done considerable research into cryptography. In my last talk at Ruby Taiwan, I discussed SHA-3 in another language, but I don’t consider myself a true cryptographic expert since I lack a PhD or an MA in this field. I like to think of myself as a cryptographer in the wild.
00:05:11.680 If you are unsure, I recommend having your system audited by a security expert before going into production. There are various levels of production readiness. The HPKE gem I’ll discuss is almost ready, although there could be minor API changes. It uses mostly safe and reviewed methods, but has not yet been audited by a security expert.
00:05:31.880 I will talk about OpenSSL extension parts later, which are still quite experimental. My inspiration comes from a RubyKaigi 2021 talk by Yus Nakasan, known as Unas, titled 'Do Pure Ruby Dream of Ined Binary?' He discussed the challenges of implementing QUIC in Ruby.
00:06:06.560 So, I will talk about hybrid public key encryption (HPKE), RFC 9180 in Ruby, and provide a quick recap on how public key encryption works. Alice generates a public-private key pair, publishes her public key, and then Bob encrypts a message with it. Alice can then decrypt it using her private key.
00:06:21.160 I will be using a lot of cryptographic terminology during this presentation, and I won't explain most of them, so please look them up. HPKE allows us to use standardized and reviewed protocols for key exchanges and encryption. It employs high-level APIs to prevent misuse, which is a significant feature. If you use these high-level APIs, you are generally safe from common mistakes.
00:07:01.560 Essentially, HPKE is a one-way protocol from the sender to the receiver. The sender creates a public-private key pair, encapsulates the session key with the public key, and encrypts the message using that session key. The encapsulated key and the message are sent in two parts, and the receiver uses the encapsulated key to decrypt the message.
00:07:37.639 Next, I’ll share my implementation goals for HPKE. I attempted to identify which parts were available in Ruby, such as elliptic curve support and hash functions like SHA-256. OpenSSL supports various cipher suites, but not all necessary cryptographic features were available in the versions I checked.
00:08:06.920 For standard symmetric ciphers, we had AES-128 GCM and ChaCha20-Poly1305 available, yet there is a concern with functions that are undocumented. Many APIs within OpenSSL are intentionally undocumented to prevent developers from misusing them.
00:08:40.800 These misuses can easily lead to severe security breaches. OpenSSL has a variety of classes that handle public cryptography operations including RSA, DSA, and ElGamal. It's critical to ensure you are using correct implementations to avoid vulnerabilities.
00:09:12.119 I encountered many challenges while working with these APIs, such as the need for precise control over data structures and the encapsulated keys. I realized that not only were we missing APIs, but also critical support in terms of creating the necessary public key pairs.
00:09:48.999 I began investigating how to create an OpenSSL key with a specific private key value, which involved obtaining a deep understanding of the underlying structures. It wasn’t easy given how complex these systems can be.
00:10:17.840 To achieve this, I used ASN.1 sequences and function calls in OpenSSL to generate the appropriate structures ensuring that I could handle them accurately. Although it seemed somewhat hacky, these methods worked effectively in practice.
00:10:53.960 The HPKE implementation is currently available on GitHub under the repository c01/hpkrb, where you can install it via gem. It's still in beta, though, and is subject to changes, but it functionally works.
00:11:16.160 I submitted a request for integrating HPKE into OpenSSL itself. My exploration into this area is still very experimental, and I encourage everyone to be cautious about using it in production environments.
00:11:41.440 I started looking into building C extensions, and I found documentation that hopefully guides others on how to convert C values to Ruby objects. It was enlightening to discover high-level integrations between Ruby and C programming.
00:12:11.960 To manage contexts and encapsulations effectively, I focused on how encapsulated contexts interact within Ruby. Notably, defining Ruby data types and garbage collection mechanics is vital to avoid memory leaks.
00:12:45.440 To generate keys and manage the internal states, using OpenSSL’s HPKE functionalities allowed me to bridge between C and Ruby seamlessly. This back-and-forth interaction is critical for efficient operations in cryptographic functions.
00:13:20.960 I'm excited about the growth of Ruby with these cryptographic enhancements. Modern developments push Ruby to remain relevant in cryptography and security, ensuring we don't miss out on critical implementations.
00:13:53.680 I continue to explore areas like messaging layer security and the importance of building these foundational blocks in Ruby to maintain its credibility in the programming community.
00:14:25.280 I want to thank everyone who inspired me throughout this journey, including the Ruby OpenSSL maintainers and those who contributed to discussions about networking protocols.
00:15:02.160 If you have any questions or comments, please feel free to connect with me on Twitter or through other platforms. Thank you all for your attention!
00:15:38.320 Now, we can open the floor for a Q&A session. I'll entertain some questions. As someone looking at all this from the outside, how does it feel to have cryptographic algorithms remain intentionally undocumented?
00:15:52.800 The intention behind undocumented algorithms is protection; it's crucial to understand cryptography before diving into Ruby OpenSSL. Developers should be well-versed in the fundamentals before attempting low-level integrations.
00:16:18.480 It’s vital to ensure that cryptography is not implemented without the background knowledge, as it can lead to severe security vulnerabilities. Thank you for this excellent question!
00:16:50.280 Are there any further questions? I’d be happy to delve into examples, particularly regarding the operations surrounding HPKE implementation.
00:17:16.440 If there are no more questions, I appreciate your participation. Let's wrap up as I know everyone may be eager for lunch.
00:17:44.160 Thank you again for your attention. I hope you enjoy the rest of the conference!