Leancrypto
Properties of leancrypto
The leancrypto library is a cryptographic library that contains only PQC-resistant cryptographic algorithms. The algorithm implementations have the following properties:
- minimal dependencies: only minimal POSIX environment needed - function calls are abstracted into helper code that may need to be replaced for other environments:
  - Linux kernel support in `linux_kernel` (example usage: LRNG Hash Backend and LRNG random number generator Backend)
- extractable: the algorithms can be extracted and compiled as part of a separate project,
- flexible: you can disable algorithms on an as-needed basis using `meson configure`,
- fully thread-safe when using different cipher contexts for an invocation: there is no global state maintained for the algorithms,
- stack-only support: all algorithms can be allocated on stack if needed. In addition, allocation functions for use on the heap are also supported,
- size: minimizing footprint when statically linking by supporting dead-code stripping,
- performance: provide optimized code invoked with minimal overhead, thus significantly faster compared to other libraries like OpenSSL,
- testable: all algorithm implementations are directly accessible via their data structures at runtime - regularly executed tests:
  - All algorithms testable with NIST's ACVP are tested and official CAVP certificates are received
  - Automated test system using the `meson` build system covering all algorithms
  - Automated testing of various scenarios using Github Testing
  - Automated testing of various CPU architectures using OpenSUSE Build Service
  - Continuous testing for Memory Leaks
  - Continuous Security Scans
- versatile: The following execution environments are supported with all accelerated implementations:
  - Linux user space
  - Linux kernel space
  - BSD user space
  - Apple OSes user space
  - Windows user space
- accelerated: Accelerated implementations are provided for the following algorithms which also benefit aggregated algorithms building on those primitives:
  - Ascon permutation: x86_64
  - SHA-3 and derivatives: x86_64, ARMv8, ARMv7
  - Curve 25519: x86_64
  - Dilithium: x86_64, ARMv8, ARMv7
  - Kyber: x86_64, ARMv8, ARMv8
  - AES: x86_64 AES-NI, ARMv8 CE and assembler, ARMv7
- side-channel-resistant: A valgrind-based dynamic side channel analysis is applied to find time-variant code paths based on secret data.
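
The valgrind-based analysis named in the last property works by marking secret bytes as undefined, so that Memcheck reports any branch that depends on them. The following is an added example of that technique, not leancrypto's own code; the names `poison`, `unpoison`, `leaky_compare`, `ct_compare` and `check_tag` and the sample tag are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Use Valgrind's client requests when its header is installed; otherwise
 * the markers compile to nothing so the example still builds. */
#if defined(__has_include)
#if __has_include(<valgrind/memcheck.h>)
#include <valgrind/memcheck.h>
#define poison(p, n) ((void)VALGRIND_MAKE_MEM_UNDEFINED((p), (n)))
#define unpoison(p, n) ((void)VALGRIND_MAKE_MEM_DEFINED((p), (n)))
#endif
#endif
#ifndef poison
#define poison(p, n) ((void)(p), (void)(n))
#define unpoison(p, n) ((void)(p), (void)(n))
#endif

/* Time-variant: the early return branches on secret bytes, which Memcheck
 * flags once those bytes are marked undefined. */
int leaky_compare(const uint8_t *a, const uint8_t *b, size_t n)
{
	for (size_t i = 0; i < n; i++)
		if (a[i] != b[i])
			return 1;
	return 0;
}

/* Time-invariant: folds all differences together, no secret-dependent branch. */
int ct_compare(const uint8_t *a, const uint8_t *b, size_t n)
{
	uint32_t diff = 0;
	for (size_t i = 0; i < n; i++)
		diff |= (uint32_t)(a[i] ^ b[i]);
	return (int)(((uint32_t)0 - diff) >> 31); /* 1 if any byte differed */
}

/* Harness: poison a constructed secret, compare, then declassify the result. */
int check_tag(int (*cmp)(const uint8_t *, const uint8_t *, size_t),
	      const uint8_t *expected)
{
	uint8_t secret[8] = { 1, 2, 3, 4, 5, 6, 7, 8 }; /* constructed sample */
	int r;

	poison(secret, sizeof(secret));
	r = cmp(secret, expected, sizeof(secret));
	unpoison(&r, sizeof(r));
	unpoison(secret, sizeof(secret));
	return r;
}
```

Compiled with the Valgrind headers present and called from a small `main` under valgrind, `check_tag(leaky_compare, ...)` triggers Memcheck's "Conditional jump or move depends on uninitialised value(s)" report, while `check_tag(ct_compare, ...)` does not.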