| ►Build Information | |
| Build version information | |
| Build configurations | |
| Enabled modules and API versions | |
| ASN.1 Handling | asn1: Process/encode/decode ASN.1 data structures and map OIDs |
| Base Types | base: Defines some high level types |
| ►Block Ciphers | block: Implementations of block cipher algorithms |
| ►AES | aes |
| AES ARMv8 | aes_armv8: AES using ARMv8 crypto instructions |
| AES-NI | aes_ni: AES using AES-NI and SIMD instructions |
| AES Power8 | aes_power8: AES using Power8 instructions |
| AES-VAES | aes_vaes: AES using VAES |
| AES Vector Permutation | aes_vperm: AES using Vector Permutation Instructions |
| ARIA | aria |
| Blowfish | blowfish |
| Camellia | camellia |
| Cascade | cascade |
| CAST-128 | cast128 |
| DES | des |
| GOST 28147-89 | gost_28147 |
| ►IDEA | idea |
| IDEA SSE2 | idea_sse2: IDEA using SSE2 SIMD instructions |
| Kuznyechik | kuznyechik |
| Lion | lion |
| ►Noekeon | noekeon |
| Noekeon SIMD | noekeon_simd: Noekeon using SIMD instructions |
| SEED | seed |
| ►Serpent | serpent |
| Serpent AVX2 | serpent_avx2: Serpent using AVX2 instructions |
| Serpent AVX512 | serpent_avx512: Serpent using AVX512 instructions |
| Serpent SIMD | serpent_simd: Serpent using SIMD instructions |
| ►SHACAL-2 | shacal2 |
| SHACAL-2 ARMv8 | shacal2_armv8: SHACAL-2 using ARMv8 crypto instructions |
| SHACAL-2 AVX2 | shacal2_avx2: SHACAL-2 using AVX2 instructions |
| SHACAL-2 SIMD | shacal2_simd: SHACAL-2 using SIMD instructions |
| SHACAL-2 X86 | shacal2_x86: SHACAL-2 using SSE instructions on x86 |
| ►SM4 | sm4 |
| SM4 ARMv8 | sm4_armv8: SM4 using ARMv8 crypto instructions |
| SM4 GFNI | sm4_gfni: SM4 using Intel GFNI |
| Threefish-512 | threefish_512 |
| Twofish | twofish |
| ►Codecs | codec: Helpers for data encoding and decoding |
| Base32 | base32: Base32 encoder and decoder |
| Base58 | base58: Base58 encoder and decoder |
| Base64 | base64: Base64 encoder and decoder |
| Hex | hex: Hex encoder and decoder |
| ►Compatibility | compat: Helpers for compatibility with other libraries |
| libsodium API | sodium: Partial compatibility implementation of the libsodium API |
| ►Compression | compression: Wrappers for compression algorithms |
| BZIP2 | bzip2 |
| ZLib | lzma |
| ZLib | zlib |
| ►Entropy Collection | entropy: Implementations of entropy sources |
| getentropy | getentropy: Wrapper for BSD's getentropy system call |
| RDSEED | rdseed: Wrapper for Intel's RDSEED instruction |
| Win32 Statistics | win32_stats: Entropy collection based on Windows statistics counters |
| Foreign Function Interface | ffi: C API for Botan's functionality |
| ►Filters | filters: Filter/Pipe API for data transformations |
| Unix File Descriptor Pipe I/O | fd_unix |
| ►Hashes | hash: Implementations of hash algorithms |
| BLAKE2b | blake2 |
| BLAKE2s | blake2s |
| ►Checksums | checksum: Implementations of checksum algorithms |
| Adler32 | adler32 |
| CRC24 | crc24 |
| CRC32 | crc32 |
| Comb4P | comb4p |
| GOST 34.11 | gost_3411 |
| Keccak | keccak: Pre-standard version of SHA-3 originally proposed during NIST competition |
| MD4 | md4 |
| MD5 | md5 |
| Merkle-Damgård Helper | mdx_hash: Helper class for implementing Merkle-Damgård hashes |
| Parallel Hashes | par_hash: Base class for parallel hash functions |
| RIPEMD-160 | rmd160 |
| ►SHA-1 | sha1 |
| SHA-1 ARMv8 | sha1_armv8: SHA-1 using ARMv8 crypto instructions |
| SHA-1 SSE2 | sha1_sse2: SHA-1 using SSE2 instructions |
| SHA-1 SIMD | sha1_x86: SHA-1 using SIMD instructions on x86 |
| ►SHA-256 and SHA-224 | sha2_32 |
| SHA-256 ARMv8 | sha2_32_armv8: SHA-256 using ARMv8 crypto instructions |
| SHA-256 BMI2 | sha2_32_bmi2: SHA-256 using BMI2 instructions |
| SHA-256 SIMD | sha2_32_x86: SHA-256 using SIMD instructions on x86 |
| ►SHA-512 and SHA-384 | sha2_64 |
| SHA-512 ARMv8 | sha2_64_armv8: SHA-512 using ARMv8 crypto instructions |
| SHA-512 BMI2 | sha2_64_bmi2: SHA-512 using BMI2 instructions |
| SHA-3 | sha3 |
| SHAKE | shake |
| Skein-512 | skein |
| SM3 | sm3 |
| Streebog | streebog |
| Truncated Hashes | trunc_hash: Wrapper class to truncate the output of an underlying hash function |
| Whirlpool | whirlpool |
| ►Key Derivation Functions | kdf: Implementations of Key Derivation Functions |
| HKDF | hkdf |
| KDF1 | kdf1 |
| KDF1 (ISO 18033-2) | kdf1_iso18033 |
| KDF2 | kdf2 |
| TLS 1.2 PRF | prf_tls: Implementation of the Pseudo-Random Function as used in TLS 1.2 |
| PRF X9.42 | prf_x942 |
| NIST SP800-108 | sp800_108 |
| NIST SP800-56A | sp800_56a |
| NIST SP800-56C | sp800_56c |
| XMD | xmd: XMD KDF from RFC 9380 |
| ►Keccak-permutation | keccak_perm |
| KECCAK-permutation BMI2 | keccak_perm_bmi2: KECCAK-permutation for SHA-3-related functions using BMI2 instructions |
| ►Message Authentication Codes | mac: Implementations of Message Authentication Codes |
| Blake2B MAC | blake2mac |
| CMAC | cmac |
| GMAC | gmac |
| HMAC | hmac |
| KMAC | kmac |
| Poly1305 | poly1305 |
| SipHash | siphash |
| ANSI X9.19 MAC | x919_mac |
| ►Math | math: Mathematical helpers; mostly big integer math |
| Big Integer | bigint: Wrapper classes for handling big integer math |
| Big Integer (Low-Level) | mp: Low level big integer math algorithms |
| Number Theory | numbertheory: Number theoretical higher level algorithms for big integer math |
| ►Prime Order Curves | pcurves: Generalized elliptic curve arithmetic |
| PCurve brainpool256r1 | pcurves_brainpool256r1: brainpool256r1 |
| PCurve brainpool384r1 | pcurves_brainpool384r1: brainpool384r1 |
| PCurve brainpool512r1 | pcurves_brainpool512r1: brainpool512r1 |
| PCurve frp256v1 | pcurves_frp256v1: frp256v1 |
| Prime Order Curves Implementation Helpers | pcurves_impl: Generalized elliptic curve arithmetic |
| PCurve numsp512d1 | pcurves_numsp512d1: numsp512d1 |
| PCurve secp192r1 | pcurves_secp192r1: secp192r1 |
| PCurve secp224r1 | pcurves_secp224r1: secp224r1 |
| PCurve secp256k1 | pcurves_secp256k1: secp256k1 |
| PCurve secp256r1 | pcurves_secp256r1: secp256r1 |
| PCurve secp384r1 | pcurves_secp384r1: secp384r1 |
| PCurve secp521r1 | pcurves_secp521r1: secp521r1 |
| PCurve sm2p256v1 | pcurves_sm2p256v1: sm2p256v1 |
| ►Miscellaneous | misc: Odds and ends: Algorithms and protocols that don't fit any of the other modules |
| Crypto Box | cryptobox: High-Level API for password-based encryption |
| FPE FE1 | fpe_fe1: Format Preserving Encryption (FE1 scheme) |
| HOTP/TOTP | hotp: HMAC/Time based One Time Password implementations |
| NIST KeyWrap | nist_keywrap: Key Wrapping as described in NIST SP800-38F |
| RFC 3394 KeyWrap | rfc3394: Key Wrapping as described in RFC 3394 |
| Roughtime | roughtime: Authenticated Time Synchronzation Protocol |
| SRP-6a | srp6: Secure Remote Password protocol - RFC 5054 compatible |
| Threshold Secret Sharing | tss: Implementation based on draft-mcgrew-tss-03 |
| ►ZFEC | zfec: Forward error correction based on Vandermonde matrices |
| ZFEC SSE2 | zfec_sse2: ZFEC using SSE2 instructions |
| ZFEC Vector Permutation | zfec_vperm: ZFEC using Vector Permutation Instructions |
| ►Block Cipher Modes | modes: Implementations of block cipher modes of operation |
| ►AEAD Modes | aead: Implementations of Authenticated Encryption Associated Data block cipher modes |
| CCM | ccm |
| ChaCha20Poly1305 | chacha20poly1305 |
| EAX | eax |
| GCM | gcm |
| OCB | ocb |
| SIV | siv |
| CBC | cbc |
| CFB | cfb |
| CBC Padding Methods | mode_pad |
| XTS | xts |
| ►Password Hashes | passhash: Implementations of password hashing algorithms |
| Argon2 Formatted | argon2fmt: Generates formatted Argon2 password hash outputs |
| BCrypt | bcrypt: BCrypt password hash function |
| Passhash 9 | passhash9: Passhash 9 password hash function |
| ►Password Based Key Derivation Functions | pbkdf: Implementations of Password Based Key Derivation Functions |
| ►Argon2 | argon2 |
| Argon2 AVX2 | argon2_avx2: Argon2 using AVX2 instructions |
| Argon2 SSSE3 | argon2_ssse3: Argon2 using SSSE3 instructions |
| BCrypt | bcrypt_pbkdf |
| PBKDF2 | pbkdf2 |
| S2K | pgp_s2k |
| Scrypt | scrypt |
| ►Public Key Paddings | pk_pad: Implementations of public key padding schemes |
| OAEP | eme_oaep |
| PKCS #1 v1.5 encryption padding | eme_pkcs1 |
| EME Raw Padding | eme_raw |
| PKCS #1 v1.5 signature padding | emsa_pkcs1 |
| PSS | emsa_pssr: PSS signature padding from PKCS1v2.0 |
| EMSA Raw Padding | emsa_raw |
| X9.31 | emsa_x931 |
| Hash Function Identification | hash_id |
| ISO-9796-2 | iso9796 |
| MGF1 | mgf1 |
| Raw Hash Function | raw_hash: Hash Function Used For Signature Schemes |
| ►Providers | prov: Adapters to external crypto providers |
| CommonCrypto | commoncrypto: Helpers and Utilities for calling CommonCrypto |
| PKCS #11 | pkcs11: Wrapper classes to interact with PKCS #11 modules |
| TPM | tpm: Wrappers and Utilites to interact with TPMs |
| ►TPM2 | tpm2: Wrappers and Utilites to interact with TPM2 |
| TPM2 Crypto Backend | tpm2_crypto_backend: Implementation of the TPM2-TSS crypto callbacks |
| TPM2 ECC Adapter | tpm2_ecc: Support for ECC pairs hosted on TPM 2.0 |
| TPM2 RSA Adapter | tpm2_rsa: Support for RSA key pairs hosted on TPM 2.0 |
| PSK Database | psk_db: Interface for a generic pre-shared key database |
| ►Public Key Algorithms | pubkey: Implementations of public key schemes |
| Public Key Blinding | blinding: Helper for BigInt blinding |
| Classic McEliece | classic_mceliece |
| ►Curve_448_Utils | curve448: Utils for x448 and Ed448 |
| Ed448 | ed448: Ed448 signature algorithm |
| X448 | x448: X448 key agreement algorithm |
| Diffie-Hellman | dh |
| ►Dilithium (common) | dilithium_common: Base implementation of CRYSTALS-Dilithium |
| Dilithium/ML-DSA SHAKE-based XOF adapter | dilithium_shake |
| ►Dilithium Round 3 | dilithium_round3 |
| Dilithium | dilithium: as specified in CRYSTALS-Dilithium 3.1 |
| Dilithium (AES) | dilithium_aes: as specified in CRYSTALS-Dilithium 3.1 |
| Discrete Logarithm | dl_algo: Classes for discrete logarithm based schemes |
| DL Group | dl_group: Wrapper for discrete logarithm groups and named groups |
| DLIES | dlies |
| DSA | dsa |
| ►EC Group | ec_group: Wrapper for elliptic curve groups |
| Legacy EC Point type | legacy_ec_point: Deprecated EC arithmetic interfaces |
| ECC Key | ecc_key: Base class for elliptic curve cryptography keys |
| ECDH | ecdh |
| ECDSA | ecdsa |
| ECGDSA | ecgdsa |
| ECIES | ecies |
| ECKCDSA | eckcdsa |
| Ed25519 | ed25519 |
| ElGamal | elgamal |
| FrodoKEM | frodokem |
| FrodoKEM (AES) | frodokem_aes |
| FrodoKEM (common) | frodokem_common: Base implementation of FrodoKEM |
| GOST 34.10-2001 | gost_3410 |
| HSS-LMS | hss_lms |
| Keypair | keypair: Helper functions for key pair and signature consistency checks |
| Kyber (common) | kyber_common: Base implementation of CRYSTALS-Kyber |
| ►Kyber Round 3 Encapsulation | kyber_round3: Kyber key encapsulation as specified in the Round 3 spec |
| Kyber | kyber |
| Kyber 90s | kyber_90s |
| McEliece | mce |
| ML-DSA | ml_dsa: Module Lattice Digital Signature Algorithm (FIPS 204) |
| ML-KEM | ml_kem: Module Lattice KEM |
| PBES2 | pbes2 |
| PEM | pem: Helpers and utilities for handling PEM containers |
| CRYSTALS | pqcrystals: Base utilities for CRYSTALS-Kyber/ML-KEM and CRYSTALS-Dilithium/ML-DSA. CRYptographic SuiTe for Algebraic LatticeS |
| RFC 6979 | rfc6979: RFC 6979 Deterministic Nonce Generator |
| RSA | rsa |
| SLH-DSA (SHA-256) | slh_dsa_sha2 |
| SLH-DSA (SHAKE) | slh_dsa_shake |
| SM2 | sm2 |
| ►SLH-DSA (common) | sphincsplus_common: Base implementation of Stateless Hash Function DSA |
| SLH-DSA/SPHINCS+ (SHA-256) Base | sphincsplus_sha2_base: Base module for SLH-DSA and SPHINCS+ with SHA-2 |
| SLH-DSA/SPHINCS+ (SHAKE) Base | sphincsplus_shake_base: Base module for SLH-DSA and SPHINCS+ with SHAKE |
| SPHINCS+ (SHA-256) | sphincsplus_sha2 |
| SPHINCS+ (SHAKE-256) | sphincsplus_shake |
| X25519 | x25519 |
| XMSS | xmss |
| ►Random Number Generators | rng: Implementations of Random Number Generators |
| Auto-Seeded RNG | auto_rng: Userspace RNG that automatically seeds using available entropy sources |
| ChaCha RNG | chacha_rng |
| ESDM RNG | esdm_rng: RNG based on ESDM - Entropy Source and DRNG Manager |
| HMAC DRBG | hmac_drbg: As defined in NIST SP800-90A |
| CPU Jitter Random Number Generator | jitter_rng |
| Processor RNG | processor_rng: Directly invokes a CPU specific instruction to generate random numbers |
| Stateful RNG | stateful_rng: Base class for RNGs that must keep an internal state |
| System RNG | system_rng: Wrapper around the system-provided standard RNG |
| ►Stream Ciphers | stream: Implementations of stream cipher algorithms |
| ►ChaCha20 | chacha |
| ChaCha20 AVX2 | chacha_avx2: ChaCha20 using AVX2 instructions |
| ChaCha20 AVX512 | chacha_avx512: ChaCha20 using AVX512 instructions |
| ChaCha20 SIMD | chacha_simd32: ChaCha20 using SIMD instructions |
| Counter Mode | ctr: CTR-BE block cipher mode |
| OFB | ofb: OFB block cipher mode |
| RC4 | rc4 |
| Salsa20 | salsa20 |
| SHAKE-based XOFs | shake_cipher: SHAKE-128 and SHAKE-256 XOF presented as stream ciphers |
| ►Transport Layer Security | tls: Common functionality for TLS |
| TLS ASIO Stream | asio: Boost ASIO stream interface as a wrapper around the TLS implementation |
| SQL Session Manager | sessions_sql: TLS Session Manager based on an SQL database |
| SQLite Session Manager | sessions_sqlite3: TLS Session Manager based on an SQLite database |
| ►TLS 1.2 | tls12: TLS 1.2 protocol implementation |
| TLS 1.2 CBC AEAD | tls_cbc: CBC + HMAC AEAD mode of operation for TLS 1.2 |
| TLS 1.3 | tls13: TLS 1.3 protocol implementation |
| TLS 1.3 (PQC) | tls13_pqc: Hybrid Key Exchange for TLS 1.3 with Post-Quantum Algorithms |
| ►Utilities | utils: Various utility functions and types |
| Bitvector utility | bitvector |
| Boost | boost |
| CPUID | cpuid: Handle runtime feature detection of the current CPU |
| Dynamic Loader | dyn_load: Helper class to represent a dynamically loaded library |
| ►GHASH | ghash |
| GHASH SIMD | ghash_cpu: GHASH using SIMD instructions |
| GHASH Vector Permutations | ghash_vperm: GHASH using Vector Permutation instructions |
| HTTP | http_util |
| Locking Allocator | locking_allocator: STL allocator using mlock to lock memory |
| Memory Pool | mem_pool |
| Operating System Utils | os_utils: Interfaces for accessing OS functionality |
| Polynomial Doubling | poly_dbl |
| ►SIMD | simd: Helpers for working with SIMD instructions |
| AVX2 | simd_avx2: Helpers for working with AVX2 instructions |
| AVX512 | simd_avx512: Helpers for working with AVX512 instructions |
| Socket | socket |
| SQLite 3 | sqlite3 |
| Thread Utilities | thread_utils |
| Tree Hash | tree_hash: Generic implementation of Merkle Tree Hashing |
| UUID | uuid |
| ►X.509 | x509: Handles X.509 certificates and their validation |
| File Certificate Store | certstor_flatfile: Certificate trust store based on a flat file containing PEM-encoded trusted certificates |
| SQL Certificate Store | certstor_sql: Certificate trust store based on an SQL database |
| SQLite Certificate Store | certstor_sqlite3: Certificate trust store based on an SQLite database |
| System Certificate Store | certstor_system: Certificate trust store backed by the system's trust store |
| macOS Certificate Store | certstor_system_macos: Adapter to access macOS' system trust store |
| Windows Certificate Store | certstor_system_windows: Adapter to access Windows' system trust store |
| ►eXtendable Output Function | xof: Implementations of XOFs |
| CRYSTALS XOF | aes_crystals_xof: XOF used in Kyber 90s and Dilithium AES |
| cSHAKE XOF | cshake_xof |
| SHAKE XOF | shake_xof |
1.12.0