Comparison of cryptography libraries: Difference between revisions
Bbeurdouche (talk | contribs) m Undid revision 842479102. This was breaking the display of the page |
→Key generation and exchange: Update cryptlib algorithm support |
||
Line 92: | Line 92: | ||
|{{Yes}} |
|{{Yes}} |
||
|{{Yes}} |
|{{Yes}} |
||
|{{ |
|{{Yes}} |
||
|{{No}} |
|{{No}} |
||
|{{Yes}} |
|{{Yes}} |
Revision as of 04:01, 24 May 2018
The tables below compare cryptography libraries that deal with cryptography algorithms and have api function calls to each of the supported features.
Cryptography libraries
Implementation | Company | Development Language | Open Source | Software License | FIPS 140 validated[1] | FIPS 140-2 mode | Latest Update | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Botan | Jack Lloyd | C++ | Yes | Simplified BSD | No | No | 3.5.0 (July 8, 2024[2]) [±] | ||||||||||
Bouncy Castle | Legion of the Bouncy Castle Inc. | Java, C# | Yes | MIT License | Yes | Yes |
| ||||||||||
CryptoComply | SafeLogic | Java, C | No | Commercial license | Yes | Yes | Continuous | ||||||||||
cryptlib | Peter Gutmann | C | Yes | Sleepycat License or commercial license | No[a] | Yes | 3.4.5 (2019[8]) [±] | ||||||||||
Crypto++ | The Crypto++ project | C++ | Yes | Boost Software License (all individual files are public domain) | Yes | Yes | April 8, 2018 (7.0.0) | ||||||||||
GnuTLS | Nikos Mavrogiannopoulos, Simon Josefsson | C | Yes | GNU LGPL v2.1+ | Yes | Yes | 3.8.2 (November 15, 2023[9]) [±] | ||||||||||
Libgcrypt | GnuPG community and g10code | C | Yes | GNU LGPL v2.1+ | Yes | Yes |
| ||||||||||
libsodium | Frank Denis | C | Yes | ISC license | No | No | December 13, 2017 (1.0.16) | ||||||||||
libtomcrypt | Libtom Projects | C | Yes | Public domain or WTFPL | No | Yes | January 22, 2018 (1.18.1)/Continuous | ||||||||||
NaCL | Daniel J. Bernstein, Tanja Lange, Peter Schwabe | C | Yes | Public domain | No | No | February 21, 2011[12] | ||||||||||
Nettle | C | Yes | GNU GPL v2+ or GNU LGPL v3 | No | No | Template:Latest stable software release/Nettle | |||||||||||
Network Security Services | Mozilla | C | Yes | MPL 2.0 | Yes[13] | Yes |
| ||||||||||
OpenSSL | The OpenSSL Project | C | Yes | Apache Licence 1.0 and 4-Clause BSD Licence | Yes | Yes | 3.0.5 (5 July 2022[15]) [±] | ||||||||||
SafeZone FIPS Lib | Inside Secure | C | No | Commercial license | Yes | Yes | 1.1.0[16] | ||||||||||
wolfCrypt | wolfSSL, Inc. | C | Yes | GPL v2 or commercial license | Yes | Yes | 5.6.4 (October 30, 2023[17]) [±] |
- ^ The actual cryptlib is not FIPS 140 validated, although a validation exists for an adapted cryptlib as part of a third party, proprietary, commercial product.
Key operations
Key operations include key generation algorithms, key exchange agreements and public key cryptography standards.
Key generation and exchange
Implementation | ECDH | DH | DSA | RSA | ElGamal | NTRU | DSS |
---|---|---|---|---|---|---|---|
Botan | Yes | Yes | Yes | Yes | Yes | No | Yes |
Bouncy Castle | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
CryptoComply | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
cryptlib | Yes | Yes | Yes | Yes | Yes | No | Yes |
Crypto++ | Yes | Yes | Yes | Yes | No | No | |
Libgcrypt | Yes[a] | Yes | Yes | Yes | Yes | No | Yes |
libsodium | No | Yes | Yes | No | No | No | |
Nettle | No | No | Yes | Yes | No | No | |
OpenSSL | Yes | Yes | Yes | Yes | No | No | No |
SafeZone FIPS Lib | Yes | Yes | Yes | Yes | No | No | No |
wolfCrypt | Yes | Yes | Yes | Yes | Yes | Yes | |
libtomcrypt | Yes | Yes | Yes | Yes | No | No | No |
- ^ By using the lower level interface.
Implementation | NIST | SECG | ECC Brainpool | ECDSA | ECDH | Curve25519 | EdDSA | GOST R 34.10 |
---|---|---|---|---|---|---|---|---|
Botan | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No |
Bouncy Castle | Yes | Yes | Yes | Yes | Yes | Yes | Yes | |
CryptoComply | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
cryptlib | Yes | |||||||
Crypto++ | Yes | No | No | |||||
Libgcrypt | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
libsodium | Yes | Yes | Yes | |||||
Nettle | Yes | No | No | |||||
OpenSSL | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
SafeZone FIPS Lib | Yes | Yes | Yes | |||||
wolfCrypt | Yes | Yes | Yes |
Public key cryptography standards
Implementation | PKCS#1 | PKCS#5 | PKCS#8 | PKCS#12 | IEEE P1363 | ASN.1 |
---|---|---|---|---|---|---|
Botan | Yes | Yes | Yes | No | Yes | Yes |
Bouncy Castle | Yes | Yes | Yes | Yes | Yes | Yes |
CryptoComply | Yes | Yes | Yes | Yes | Yes | Yes |
cryptlib | Yes | Yes | Yes | Yes | No | Yes |
Crypto++ | Yes | Yes | No | No | Yes | Yes |
Libgcrypt | Yes | Yes[a] | Yes[a] | Yes[a] | Yes[a] | Yes[a] |
libsodium | No | No | No | No | No | No |
Nettle | Yes | Yes | No | No | No | No |
OpenSSL | Yes | Yes | Yes | Yes | No | Yes |
wolfCrypt | Yes | Yes | Yes | Yes | No | Yes |
libtomcrypt | Yes | Yes | Yes | No | No | Yes |
Hash functions
Comparison of supported cryptographic hash functions. At the moment this section also includes ciphers that are used for producing a MAC tag for a message. Here hash functions are defined as taking an arbitrary length message and producing a fixed size output that is virtually impossible to use for recreating the original message.
Implementation | MD5 | SHA-1 | SHA-2 | SHA-3 | RIPEMD-160 | Tiger | Whirlpool | GOST | Stribog | BLAKE2 |
---|---|---|---|---|---|---|---|---|---|---|
Botan | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
Bouncy Castle | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
CryptoComply | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
cryptlib | Yes | Yes | Yes | Yes | Yes | No | Yes | No | No | No |
Crypto++ | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | |
Libgcrypt | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
libsodium | No | No | Yes | No | No | No | No | No | No | Yes |
Nettle | Yes | Yes | Yes | Yes | Yes | No | No | Yes | No | |
OpenSSL | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | |
wolfCrypt | Yes | Yes | Yes | Yes | Yes | No | No | No | Yes | |
libtomcrypt | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No | No | Yes |
MAC algorithms
Comparison of implementations of message authentication code (MAC) algorithms. A MAC is a short piece of information used to authenticate a message—in other words, to confirm that the message came from the stated sender (its authenticity) and has not been changed in transit (its integrity).
Implementation | HMAC-MD5 | HMAC-SHA1 | HMAC-SHA2 | Poly1305-AES | BLAKE2-MAC |
---|---|---|---|---|---|
Botan | Yes | Yes | Yes | Yes | Yes |
Bouncy Castle | Yes | Yes | Yes | Yes | Yes |
CryptoComply | Yes | Yes | Yes | Yes | Yes |
cryptlib | Yes | Yes | Yes | No | No |
Crypto++ | Yes | Yes | Yes | No | Yes |
Libgcrypt | Yes | Yes | Yes | Yes | Yes |
libsodium | No | No | Yes | Yes | Yes |
Nettle | Yes | Yes | Yes | Yes | No |
OpenSSL | Yes | Yes | Yes | Yes | Yes |
wolfCrypt | Yes | Yes | Yes | Yes | Yes |
libtomcrypt | Yes | Yes | Yes | Yes | Yes |
Block ciphers
Table compares implementations of block ciphers. Block ciphers are defined as being deterministic and operating on a set number of bits (termed a block) using a symmetric key. Each block cipher can be broken up into the possible key sizes and block cipher modes it can be run with.
Block cipher algorithms
Implementation | AES-128 | AES-192 | AES-256 | Camellia | 3DES | Blowfish | Twofish | CAST5 | IDEA | GOST 28147-89 | ARIA |
---|---|---|---|---|---|---|---|---|---|---|---|
Botan | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | |
Bouncy Castle[18] | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
CryptoComply | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | |
cryptlib[19] | Yes | Yes | Yes | No | Yes | Yes | |||||
Crypto++[20] | Yes | Yes | Yes | Yes | Yes | Yes | |||||
Libgcrypt | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | |
libsodium | No | No | Yes | No | No | No | |||||
Nettle | Yes | Yes | Yes | Yes | Yes | Yes | |||||
OpenSSL | Yes | Yes | Yes | Yes | Yes | Yes | No | Yes | Yes | Yes | Yes |
wolfCrypt | Yes | Yes | Yes | Yes | Yes | No | Yes | ||||
libtomcrypt | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No | No |
Implementation | ECB | CBC | OFB | CFB | CTR | CCM | GCM | OCB | XTS | AES-Wrap | Stream |
---|---|---|---|---|---|---|---|---|---|---|---|
Botan | No | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
Bouncy Castle | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | |
CryptoComply | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
cryptlib | Yes | Yes | Yes | No | No | ||||||
Crypto++ | Yes | Yes | Yes | Yes | Yes | ||||||
Libgcrypt | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
libsodium | No | No | Yes | No | Yes | ||||||
Nettle | Yes | Yes | Yes | Yes | Yes | ||||||
OpenSSL | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
wolfCrypt | Yes | Yes | Yes | Yes | Yes | ||||||
libtomcrypt | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No | Yes |
Stream ciphers
Table compares implementations of the various stream ciphers. Stream ciphers are defined as using plain text digits that are combined with a pseudorandom cipher digit stream. Stream ciphers are typically faster than block ciphers and may have lower hardware complexity, but may be more susceptible to attacks.
Implementation | RC4 | HC-256 | Rabbit | Salsa20 | ChaCha | SEAL | Panama | WAKE | Grain | VMPC | ISAAC |
---|---|---|---|---|---|---|---|---|---|---|---|
Botan | Yes | No | No | Yes | Yes | No | No | No | No | No | No |
Bouncy Castle | Yes | Yes | No | Yes | Yes | No | No | No | Yes | Yes | Yes |
CryptoComply | Yes | Yes | No | Yes | Yes | No | No | No | Yes | Yes | Yes |
cryptlib | Yes | No | No | No | No | No | No | No | No | No | No |
Crypto++ | Yes | No | No | Yes | No | Yes | Yes | Yes | No | No | No |
Libgcrypt | Yes | No | No | Yes | Yes | No | No | No | No | No | No |
libsodium | No | No | No | Yes | Yes | No | No | No | No | No | No |
Nettle | Yes | No | No | Yes | Yes | No | No | No | No | No | No |
OpenSSL | Yes | No | No | No | Yes | No | No | No | No | No | No |
wolfCrypt | Yes | Yes | Yes | Yes | Yes | No | No | No | No | No | No |
libtomcrypt | Yes | No | No | No | Yes | No | No | No | No | No | No |
Hardware-assisted support
Table compares the ability to utilize hardware enhanced cryptography. With using the assistance of specific hardware the library can achieve faster speeds and / or improved security than otherwise.
Implementation | PKCS #11 | PC/SC | CCID |
---|---|---|---|
Botan | Yes | No | No |
Bouncy Castle | Yes [a] | ||
CryptoComply | Yes | ||
cryptlib | Yes | ||
Crypto++ | No | ||
Libgcrypt | Yes [21] | Yes [22] | Yes [23] |
libsodium | No | ||
OpenSSL | |||
wolfCrypt | No | ||
libtomcrypt | No |
- ^ In conjunction with the PKCS#11 provider, or through the implementation of operator interfaces providing access to basic operations.
General purpose CPU / platform acceleration support
Implementation | AES-NI | SSSE3 / SSE4.1 | AVX / AVX2 | RdRand | VIA PadLock | Intel QuickAssist | ARMv7-A NEON | ARMv8-A |
---|---|---|---|---|---|---|---|---|
Botan | Yes | Yes | Yes | Yes | No | No | Yes | Yes |
CryptoComply | Yes | Yes | Yes | Yes | Yes | No | Yes | Yes |
cryptlib | No | Yes | No | No | ||||
Crypto++ | Yes | No | No | No | ||||
Libgcrypt[24] | Yes | Yes | Yes | Yes | Yes | No | Yes | Yes |
libsodium | Yes | Yes | Yes | No | No | No | ||
OpenSSL | Yes | Yes | Yes | No | No | Yes | ||
wolfCrypt | Yes | Yes | Yes | No | Yes[25] | Yes[26] |
Microcontrollers' cryptographic accelerator support
Implementation | STM32F2 | STM32F4 | Cavium NITROX | Freescale CAU/mmCAU | Microchip PIC32MZ | Atmel ATECC508A | TI TivaC Series | CubeMX | Nordic nRF51 |
---|---|---|---|---|---|---|---|---|---|
wolfCrypt | Yes | Yes | Yes | Yes | Yes | Yes[27] | Yes[28] | Yes | Yes |
Code size and code to comment ratio
Implementation | Source Code Size (kSLOC = 1000 lines of source code) |
Code Lines to Comment Lines Ratio |
---|---|---|
Botan | 75[29] | 4.28[29] |
Bouncy Castle | 1359[30] | 5.26[30] |
cryptlib | 241 | 2.66 |
Crypto++ | 159[31] | 10.1[31] |
Libgcrypt | 216[32] | 6.27[32] |
libsodium | 44[33] | 21.92[33] |
libtomcrypt | 76[34] | 3.98[34] |
Nettle | 111[35] | 4.08[35] |
OpenSSL | 472[36] | 4.41[36] |
wolfCrypt | 39 | 5.69 |
Portability
Implementation | Supported Operating System | Thread safe |
---|---|---|
Botan | Linux, FreeBSD, AIX, Windows, macOS, Android, iOS, QNX, IncludeOS | Yes |
Bouncy Castle | General Java API: J2ME, Java Runtime Environment 1.1+, Android. Java FIPS API: Java Runtime 1.5+, Android. C# API (General & FIPS): CLR 4. | |
CryptoComply | Linux (RHEL, CentOS, Debian, Ubuntu, etc.), Windows, iOS, Android, FreeBSD, macOS, Solaris, Java Runtime Environment | Yes |
cryptlib | AMX, BeOS, ChorusOS, DOS, eCOS, FreeRTOS/OpenRTOS, uItron, MVS, OS/2, Palm OS, QNX Neutrino, RTEMS, Tandem NonStop, ThreadX, uC/OS II, Unix (AIX, FreeBSD, HP-UX, Linux, macOS, Solaris, etc.), VDK, VM/CMS, VxWorks, Win16, Win32, Win64, WinCE/PocketPC/etc, XMK | Yes |
Crypto++ | Unix (OpenBSD, Linux, macOS, etc.), Win32, Win64, Android, iOS, ARM | |
Libgcrypt | All 32 and 64 bit Unix Systems (GNU/Linux, FreeBSD, NetBSD, macOS etc.), Win32, Win64, WinCE and more | Yes[37] |
libsodium | macOS, Linux, OpenBSD, NetBSD, FreeBSD, DragonflyBSD, Android, iOS, 32 and 64-bit Windows (Visual Studio, MinGW, C++ Builder), NativeClient, QNX, JavaScript, AIX, MINIX, Solaris | Yes |
OpenSSL | Solaris, IRIX, HP-UX, MPE/iX, Tru64, Linux, Android, BSD (OpenBSD, NetBSD, FreeBSD, DragonflyBSD), NextSTEP, QNX, UnixWare, SCO, AIX, 32 and 64-bit Windows (Visual Studio, MinGW, UWIN, CygWin), UEFI, macOS (Darwin), iOS, HURD, VxWorks, uClinux, VMS, DJGPP (DOS), Haiku | Yes |
wolfCrypt | Win32/64, Linux, macOS, Solaris, ThreadX, VxWorks, FreeBSD, NetBSD, OpenBSD, embedded Linux, WinCE, Haiku, OpenWRT, iPhone (iOS), Android, Nintendo Wii and Gamecube through DevKitPro, QNX, MontaVista, NonStop, TRON/ITRON/µITRON, Micrium's µC/OS, FreeRTOS, SafeRTOS, Freescale MQX, Nucleus, TinyOS, HP-UX | Yes |
libtomcrypt | Most 32 and 64 bit Systems (GNU/Linux, FreeBSD, macOS, Windows and more) | Yes |
References
- ^ Validated FIPS 140 Cryptographic Modules, NIST.gov, retrieved 2015-12-22
- ^ "Botan: Release Notes". Retrieved 2024-08-13.
- ^ "Release Notes - bouncycastle.org". 2023-11-13. Retrieved 2023-11-18.
- ^ "Java LTS Resources - bouncycastle.org". 2024-03-01. Retrieved 2024-03-31.
- ^ "Java FIPS Resources - bouncycastle.org". 2023-09-28. Retrieved 2022-09-29.
- ^ "The Legion of the Bouncy Castle C# Cryptography APIs". 2024-02-05. Retrieved 2024-02-06.
- ^ "C# .NET FIPS Resources - bouncycastle.org". 2023-02-28. Retrieved 2023-02-28.
- ^ Gutmann, Peter (2019). "Downloading". cryptlib. University of Auckland School of Computer Science. Retrieved 2019-08-07.
- ^ "The GnuTLS Transport Layer Security Library". Retrieved 4 December 2023.
- ^ "Libgcrypt 1.11.0 released". dev.gnupg.org. 2024-06-19. Retrieved 2024-06-20.
- ^ "Libgcrypt 1.8.11 released". dev.gnupg.org. 2023-11-16. Retrieved 2023-11-16.
- ^ Downloading and installing NaCl, Bernstein, Lange, Schwabe, retrieved 2017-05-22
- ^ "FIPS". Mozilla Foundation. 2012-02-01. Archived from the original on 2013-05-02. Retrieved 2013-05-17.
{{cite web}}
: Unknown parameter|deadurl=
ignored (|url-status=
suggested) (help) - ^ a b "NSS:Release versions". Mozilla Wiki. Retrieved 7 November 2022.
- ^ "OpenSSL: Newslog". Retrieved 7 July 2022.
- ^ Certificate #2389
- ^ "wolfSSL ChangeLog". 2023-10-31. Retrieved 2023-10-31.
- ^ Bouncy Castle Specifications, bouncycastle.org, retrieved 2018-04-10
- ^ cryptlib Encryption Toolkit, Peter Gutmann, retrieved 2015-11-28
- ^ Crypto++ Library, Cryptopp.com, retrieved 2015-11-28
- ^ With Scute, scute.org
- ^ With GnuPG's SCdaemon & gpg-agent, gnupg.org
- ^ With GnuPG's SCdaemon & gpg-agent, gnupg.org
- ^ hwfeatures.c, git.gnupg.org
- ^ https://www.wolfssl.com/wolfSSL/Blog/Entries/2017/1/18_wolfSSL_Asynchronous_Intel_QuickAssist_Support.html
- ^ https://www.wolfssl.com/wolfSSL/Blog/Entries/2016/10/13_wolfSSL_ARMv8_Support.html
- ^ https://www.wolfssl.com/wolfSSL/wolfssl-atmel.html
- ^ http://processors.wiki.ti.com/index.php/Using_wolfSSL_with_TI-RTOS
- ^ a b Language Analysis of Botan, OpenHub.net, retrieved 2017-05-07
- ^ a b Language Analysis of Bouncy Castle, OpenHub.net, retrieved 2015-12-23
- ^ a b Language Analysis of Crypto++, OpenHub.net, retrieved 2015-12-23
- ^ a b Language Analysis of Libgcrypt, OpenHub.net, retrieved 2015-12-23
- ^ a b Language Analysis of libsodium, OpenHub.net, retrieved 2017-05-07
- ^ a b Language Analysis of libtomcrypt, OpenHub.net, retrieved 2018-02-12
- ^ a b Language Analysis of Nettle, OpenHub.net, retrieved 2015-12-23
- ^ a b Language Analysis of OpenSSL, OpenHub.net, retrieved 2017-05-07
- ^ GnuPG documentation: Libgcrypt overview - thread safety, GnuPG.org, retrieved 2016-04-16
External links
- LibTom projects, http://www.libtom.net/
- OpenSSL libraries libssl and libcrypto, https://wiki.openssl.org/index.php/Libcrypto_API
- wolfSSL embedded crypto libraries, https://wolfssl.com/wolfSSL/Products-wolfcrypt.html
- SafeLogic's CryptoComply family of cryptographic libraries, https://www.SafeLogic.com