Botan has full 2d/2i/2id support. We also support AES, ChaCha and Twofish (among others) with all common modes (CBC, CTR, GCM, XTS, etc.).
PKCS #11 Support
POC version for NeoPG with botan and PKCS#11 and you can play around with that to get some idea how this works. I currently plan to implement this in NeoPG. (See #255 for PKCS#11 support)
Botan on GitHub: https://github.com/randombit/botan/
Botan was audited by a team in 2015 who found some issues (which were all resolved) https://botan.randombit.net/releases/audit_1.11.18.pdf
Various bug reports have also been provided by different researchers and crypto engineers. I cannot know how carefully any one of them checked the whole library, though. You can see all reported security issues at botan.randombit.net/security.html
In 2017 it was reviewed and approved by the German BSI (Federal Office for Information Security) for government use https://bsi.bund.de/SharedDocs/Downloads/DE/BSI/Krypto/Projektzusammenfassung_Botan.html and is used by open source projects such as strongSwan, ISC KEA, and Shadowsocks-qt5, and companies including Rockwell Automation, Panasonic, Mazda, IBM, Bosch, PSPDFKit, and Rohde & Schwarz among others randombit/botan/wiki/Users
Also FWIW I build and review cryptographic systems for a living. I have contributed changes to other libs including OpenSSL and mbedtls, and currently maintain the crypto code used in a FIPS validated HSM.
Maintainer is @randombit
Lowest Ubuntu version to have Botan is Bionic.
I checked out latest master to see if there is anything else that would be missing.
I noticed you are using Bcrypt-PBKDF for the SSH key support, which motivated me to finish adding support for that. I had written most of it last year but never got around to completing it: https://github.com/randombit/botan/pull/1990 Obviously you can't use that unless you're willing to require the latest (or for now, unreleased) version, but it'll be there later if you want it.
Other things I noticed, all already directly supported or easily implemented using any version in 2.x release series:
RSA
secure malloc (secure_vector, or Botan::allocate_memory for malloc-style interface)
RNG (https://botan.randombit.net/manual/rng.html)
Salsa20
SHA-1/SHA-256/SHA-512
TOTP calculator (https://botan.randombit.net/manual/otp.html)
AesKdf - not built in, but doable with a few lines w/ BlockCipher interface