Mbedcrypto - a portable, small, easy to use and fast c++14 library for cryptography.

Overview

mbedcrypto

mbedcrypto is a portable, small, easy to use, feature rich and fast c++14 library for cryptography based on fantastic and clean mbedtlsnote note.

a sister project for Qt5 developers is available as qpolarssl, although mbedcrypto is newer and has more features with smaller footprint and can be configured to support QByteArray through the api.

for more information see wiki page.


features and highlights

  • small size: the mbedcrypto is less than 250KB in size (as single shared library and stripped under Linux and OS X) with all predefined algorithms. it can be easily embedded into your service or application.
  • easy to use: although cryptographynote is complex and complicated, mbedcrypto hides most of the complexities, tries to be easy to use and hard to misuse.
  • portable: needs an standard c++14 compiler and compliant stl, compiled and tested by:
    • g++ 5.x+ / 6+ under linux
    • clang 3.6+ under os x
    • mingw 5.x+ under msys2 (windows 8.1)
    • msvc 2015 community edition under windows 7
  • low dependency:
    • the mbedtlsnote as underlying cryptography engine, is the only mandatory dependency.
    • catch2: only for unit testing.
    • cmake for building the library and the unit test app.
  • high+low level: both high level (c++ objects / exception) and low level (c pointer / error code) functions are available.
  • highly configurable: to add or remove the algorithms, simply change cmake build options. see build options
  • optional support for Qt5: optional support for Qt5's QByteArray is also available.

supported algorithms

following algorithms are included in mbedcrypto in default build (see wiki usage):

  • binary/text conversions: see wiki: samples

    • hex
    • base64
  • hashes (message digest): see wiki: samples

    • md5
    • sha1
    • sha224 / sha256
    • sha384 / sha512
    • hmac
    • optional hashes: ripemd160, md4, md2 (deprecated)
  • ciphers (symmetric): see wiki: samples

    • aes (128, 192, 256 bits) and aes-ni (hardware accelerated)
    • des and 3des (triple-des)
    • optional ciphers: blowfish, camellia and arc4
  • cipher block modes:

  • paddings:

    • pkcs7
    • one and zeros
    • zeros and length
    • zeros
  • random byte generator: see wiki samples

    • ctr_drbg counter mode deterministic random byte generator based on aes-256 NIST SP 800-90
  • pki (asymmetric): public key infrastructure, see wiki: rsa samples and wiki: ec samples

    • rsa
    • pem and der key formats (ASN.1)
    • optional pks: eckey elliptic curve, eckey_dh elliptic key Diffie–Hellman, ecdsa elliptic key digital signature algorithm, rsa_alt and rsassa_pss RSA standard signature algorithm, probabilistic signature scheme
    • optional rsa key generator
    • optional ec curves from well known domain parameters as NIST, Kolbitz, brainpool and Curve25519.

total number of supported algorithms:

  • hashes: 9
  • paddings: 5
  • ciphers: 47
  • pki: 6

see types.hpp

setup

bash

to setup all 3rdparty dependencies:

  • ARMmbed/mbedtls
  • catchorg/Catch2

run:

$mbedcrypto> ./setup.sh all

# optionally: $> ./setup.sh help

this script downloads the latest release files (master branch) of dependencies into ./3rdparty/ directory.


build

Build the mbedcrypto library using CMake in your terminal:

$workspace/> mkdir mbedcrypto.build
$workspace/> cd mbedcrypto.build
$mbedcrypto.build/> cmake /path/to/mbedcrypto

# optionally to reconfigure the build option (or by cmake-gui .)
$mbedcrypto.build/> ccmake .

$mbedcrypto.build/> make -j

$mbedcrypto.build/> make install

build options

to trim the library size, only SHA/AES/RSA algorithms are included. you can add other algorithms by these cmake options:

options message
MBEDCRYPTO_MD2 enable md2 hash (insecure and deprecated)
MBEDCRYPTO_MD4 enable md4 hash
MBEDCRYPTO_RIPEMD160 enable ripemd160 hash
MBEDCRYPTO_CFB enable cfb (cipher feedback mode)
MBEDCRYPTO_CTR enable ctr (cipher counter mode)
MBEDCRYPTO_GCM enable gcm (Galois cipher mode, for aead cryptography)
MBEDCRYPTO_CCM enable ccm (counter cbc-mac cipher mode, for aead cryptography)
MBEDCRYPTO_DES enable des and triple-des cipher
MBEDCRYPTO_BLOWFISH enable blowfish cipher
MBEDCRYPTO_CAMELLIA enable camellia cipher
MBEDCRYPTO_ARC4 enable arc4 cipher (insecure)
MBEDCRYPTO_PK_EXPORT enable export keys in pem or der format
MBEDCRYPTO_RSA_KEYGEN enable rsa key generator
MBEDCRYPTO_EC enable eckey, eckey_dh and ecdsa algorithms
MBEDCRYPTO_Qt5 also adds adaptors around Qt5's QByteArray

please see CMakeLists.txt for the full list.


tests

samples and unit tests are available under tests/tdd folder.

#run the tests
$mbedcrypto.xbin64/> ./mbedcrypto-tests

possible output:

supports 6 hash algorithms: MD5 , SHA1 , SHA224 , SHA256 , SHA384 , SHA512 ,
supports 5 padding algorithms: PKCS7 , ONE_AND_ZEROS , ZEROS_AND_LEN , ZEROS ,
         NONE ,
supports 6 block modes: NONE , ECB , CBC , CTR , GCM , CCM ,
supports 21 cipher algorithms: AES-128-ECB , AES-192-ECB , AES-256-ECB ,
         AES-128-CBC , AES-192-CBC , AES-256-CBC , AES-128-CTR , AES-192-CTR ,
         AES-256-CTR , AES-128-GCM , AES-192-GCM , AES-256-GCM , DES-ECB ,
         DES-CBC , DES-EDE-ECB , DES-EDE-CBC , DES-EDE3-ECB , DES-EDE3-CBC ,
         AES-128-CCM , AES-192-CCM , AES-256-CCM ,
 this system supports AESNI (hardware accelerated AES)
 this build supports AEAD (authenticated encryption with additional data)
supports 4 pk (public key) algorithms: RSA , EC , EC_DH , ECDSA ,
 this build supports PK export (*.pem, *.der) facility
 this build supports RSA key generation
 this build supports EC (elliptic curve) key generation
supports 12 elliptic curves: SECP192R1 , SECP224R1 , SECP256R1 , SECP384R1 ,
         SECP521R1 , SECP192K1 , SECP224K1 , SECP256K1 , BP256R1 , BP384R1 ,
         BP512R1 , CURVE25519 ,

===============================================================================
All tests passed (952 assertions in 17 test cases)


notes

cryptography

cryptography is both complex and complicated, it requires a vast knowledge of mathematics, concepts, principles, algorithms, standards, conventions, continuous investigation of attacks, ...

As cryptography is mostly used to protect sensitive data, writing a library for it is a daunting task and difficult by any factor.

So instead of writing a library from scratch, mbedcrypto stands on the shoulders of giants, mbedtls is this case.

mbedtls

Although mbedtls is mostly a TLS/SSL library for embedded devices, it has already implemented the most famous and widely used cryptographic algorithms and actively developed and maintained.

Arguably mbedtls has cleaner code than openssl, it's easier to read, use and maintain, and it has been designed for efficiency and portability from scratch (for embedded devices), and has many advantages over openssl like as readability, size, compiling and setup, … to name a few.

disclaimer

  • implementing an easy-to-use, lightweight and portable c++ library for cryptography are the main purpose of mbedcrypto.
  • there are many more algorithms in cryptographic libraries, the focus of mbedcrypto is on the most important or widely used algorithms, tries to be simple and not to bloat your application.
  • as mentioned in notes, the cryptography can be divided into several areas of study and best practices, I'm not a guru nor a specialist in this field.

If you have any ideas, critiques, suggestions or whatever you want to call it, please open an issue. I'll be happy to hear from you what you'd see in this lib. I think about all suggestions, and I try to add those that make sense.

license

Distributed under the MIT license. Copyright (c) 2016, Amir Zamani.

You might also like...
A collection of public domain/unlicense single-file cryptography

simple-crypto A collection of single-file public domain/unlicense cryptographic functions in different programming languages. Feel free to copy-paste

Small portable AES128/192/256 in C

Tiny AES in C This is a small and portable implementation of the AES ECB, CTR and CBC encryption algorithms written in C. You can override the default

Tink is a multi-language, cross-platform, open source library that provides cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse.

Tink A multi-language, cross-platform library that provides cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse. Ubuntu

A lightweight, secure, easy-to-use crypto library suitable for constrained environments.
A lightweight, secure, easy-to-use crypto library suitable for constrained environments.

The Hydrogen library is a small, easy-to-use, hard-to-misuse cryptographic library. Features: Consistent high-level API, inspired by libsodium. Instea

Easy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms.
Easy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms.

Themis provides strong, usable cryptography for busy people General purpose cryptographic library for storage and messaging for iOS (Swift, Obj-C), An

A Powerful, Easy-to-Use, Compact, Cross-Platform and Installation-Free Crypto Tool. 一个强大,易用,小巧,跨平台且免安装的加密解密签名工具。
A Powerful, Easy-to-Use, Compact, Cross-Platform and Installation-Free Crypto Tool. 一个强大,易用,小巧,跨平台且免安装的加密解密签名工具。

GpgFrontend GpgFrontend is a Powerful, Easy-to-Use, Compact, Cross-Platform, and Installation-Free OpenPGP Crypto Tool. By using GpgFrontend, you can

This repository aims to provide an easy-to-use implementation of the Secure Hash Standard as specified in FIPS 180-4

HashLibCpp This repository aims to provide an easy-to-use implementation of the Secure Hash Standard. (currently implemented are SHA224, SHA256 and SH

:lock: Don't use this repo, use the new monorepo instead:

trezor-crypto Heavily optimized cryptography algorithms for embedded devices. These include: AES/Rijndael encryption/decryption Big Number (256 bit) A

Small collection of tools written in C for ECC and bitcoin

ecctools Small collection of tools written in C for ECC and bitcoin Why this programs are written in C language? Well i like C language because compil

Comments
  • Using Git's submodules instead of a Bash script for deps.

    Using Git's submodules instead of a Bash script for deps.

    Advantages of using submodules

    • Submodules are supported by Linux, Windows and OS X, instead of bash script that can only be executed on Linux distros.
    • Compatibility: Submodules keep track of a certain commit instead of a branch. This way a new commit can't break this repository due to massive changes.
    • Submodules can be downloaded recursively. If someone uses this repository as a submodule in his or her repo, all of the submodules in both repositories can be downloaded with only one command/flag.

    Disadvantages of using submodules

    • Maintainability: To get the newest updates from submodules, you need to pull new commits and push to this repository.
    opened by kapstok 4
  • wrong output

    wrong output

    hi

    test pls this error

    const string src_string = "84-16-F9-F5-79-9Fc2FsdA==vaCNjbnXOxl5BCV3Pn2OOLdurG94O4hd3FZW5+6njEApc=";
    string md5_value = make_hash(hash_t::md5, src_string);
    

    output

    thanks

    opened by F474M0R64N4 0
  • Build mbedcrypto from other directory than mbedcrypto root dir.

    Build mbedcrypto from other directory than mbedcrypto root dir.

    Made some changes in CMake to make the mbedcrypto library also 'buildable' from a different directory than the mbedcrypto root directory. This is useful when a CMake project, say Project A, uses the library.

    Project A has the mbedcrypto repo as a submodule in the directory ProjectA/dep/mbedcrypto.

    The developer of Project A can add the library simply by adding this code to ProjectA/CMakeLists.txt:

    file (GLOB MBEDCRYPTO "dep/mbedcrypto")
    add_subdirectory(${MBEDCRYPTO})
    target_link_libraries (ProjectA mbedcrypto)
    

    From that point the library is linked to Project A. The library can still be tested with mbedcrypto_tests. After calling cmake and make from the (unix) Terminal, the developer can test the library by executing:

    dep/mbedcrypto.xbin64/mbedcrypto_tests
    

    The statement is executed from the CMAKE_BINARY_DIRECTORY.

    If this pull request will be approved, I'm also planning to add a wiki page to the repo that describes how to link the mbedcrypto library to your own project as developer.

    opened by kapstok 2
Owner
amir zamani
amir zamani
An open source, portable, easy to use, readable and flexible SSL library

README for Mbed TLS Mbed TLS is a C library that implements cryptographic primitives, X.509 certificate manipulation and the SSL/TLS and DTLS protocol

Arm Mbed 3.8k Nov 25, 2022
A modern, portable, easy to use crypto library.

Sodium is a new, easy-to-use software library for encryption, decryption, signatures, password hashing and more. It is a portable, cross-compilable, i

Frank Denis 10.6k Nov 24, 2022
MIRACL Cryptographic SDK: Multiprecision Integer and Rational Arithmetic Cryptographic Library is a C software library that is widely regarded by developers as the gold standard open source SDK for elliptic curve cryptography (ECC).

MIRACL What is MIRACL? Multiprecision Integer and Rational Arithmetic Cryptographic Library – the MIRACL Crypto SDK – is a C software library that is

MIRACL 517 Nov 22, 2022
LibreSSL Portable itself. This includes the build scaffold and compatibility layer that builds portable LibreSSL from the OpenBSD source code.

LibreSSL Portable itself. This includes the build scaffold and compatibility layer that builds portable LibreSSL from the OpenBSD source code.

OpenBSD LibreSSL Portable 1.2k Nov 24, 2022
Retter - A collection of hash functions, ciphers, tools, libraries, and materials related to cryptography & security

Retter - A collection of hash functions, ciphers, tools, libraries, and materials related to cryptography & security.

Maciej A. Czyzewski 78 Nov 4, 2022
Finalists to the NIST lightweight cryptography competition

LWC Finalists This repository contains implementations of the 10 finalists in the NIST lightweight cryptography competition: ASCON, Elephant, GIFT-COF

null 32 Sep 4, 2022
In cryptography, a cipher is an algorithm for performing encryption or decryption.

Cipher 1.0 In cryptography, a cipher is an algorithm for performing encryption or decryption. What can be done using this program? This program can us

null 1 Apr 21, 2022
Cryptography Toolkit

Botan: Crypto and TLS for Modern C++ Botan (Japanese for peony flower) is a C++ cryptography library released under the permissive Simplified BSD lice

Jack Lloyd 2k Nov 26, 2022