/usr/share/doc/libbotan-2-doc/manual/goals.html is in libbotan-2-doc 2.4.0-5ubuntu1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 | <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Project Goals — Botan</title>
<link rel="stylesheet" href="_static/agogo.css" type="text/css" />
<link rel="stylesheet" href="_static/pygments.css" type="text/css" />
<script type="text/javascript">
var DOCUMENTATION_OPTIONS = {
URL_ROOT: './',
VERSION: '2.4.0',
COLLAPSE_INDEX: false,
FILE_SUFFIX: '.html',
HAS_SOURCE: true,
SOURCELINK_SUFFIX: '.txt'
};
</script>
<script type="text/javascript" src="_static/jquery.js"></script>
<script type="text/javascript" src="_static/underscore.js"></script>
<script type="text/javascript" src="_static/doctools.js"></script>
<link rel="index" title="Index" href="genindex.html" />
<link rel="search" title="Search" href="search.html" />
<link rel="next" title="Support Information" href="support.html" />
<link rel="prev" title="Getting Started" href="index.html" />
</head>
<body>
<div class="header-wrapper">
<div class="header">
<h1>Botan</h1>
</div>
</div>
<div class="content-wrapper">
<div class="content">
<div class="document">
<div class="documentwrapper">
<div class="bodywrapper">
<div class="body" role="main">
<div class="section" id="project-goals">
<h1>Project Goals<a class="headerlink" href="#project-goals" title="Permalink to this headline">¶</a></h1>
<p>Botan seeks to be a broadly applicable library that can be used to implement a
range of secure distributed systems.</p>
<p>The library has the following project goals guiding changes. It does not succeed
in all of these areas in every way just yet, but it describes the system that is
the desired end result. Over time further progress is made in each.</p>
<ul class="simple">
<li>Secure and reliable. The implementations must of course be correct and well
tested, and attacks such as side channels and fault attacks should be
accounted for where necessary. The library should never crash, or invoke
undefined behavior, regardless of circumstances.</li>
<li>Implement schemes important in practice. It should be practical to implement
any real-world crypto protocol using just what the library provides. It is
worth some (limited) additional complexity in the library, in order to expand
the set of applications which can easily adopt Botan.</li>
<li>Ease of use. It should be straightforward for an application programmer to do
whatever it is they need to do. There should be one obvious way to perform any
operation. The API should be predicable, and follow the “principle of least
astonishment” in its design. This is not just a nicety; confusing APIs often
result in errors that end up compromising security.</li>
<li>Simplicity of design, clarity of code, ease of review. The code should be easy
to read and understand by other library developers, users seeking to better
understand the behavior of the code, and by professional reviewers looking for
bugs. This is important because bugs in convoluted code can easily escape
multiple expert reviews, and end up living on for years.</li>
<li>Well tested. The code should be correct against the spec, with as close to
100% test coverage as possible. All available static and dynamic analysis
tools at our disposal should be used, including fuzzers, symbolic execution,
and protocol specific tools. Within reason, all warnings from compilers and
static analyzers should be addressed, even if they seem like false positives,
because that maximizes the signal value of new warnings from the tool.</li>
<li>Safe defaults. Policies should aim to be highly restrictive by default, and if
they must be made less restrictive by certain applications, it should be
obvious to the developer that they are doing something unsafe.</li>
<li>Post quantum security. Possibly a practical quantum computer that can break
RSA and ECC will never be built, but the future is notoriously hard to predict.
It seems prudent to begin designing and deploying systems now which have at
least the option of using a post-quantum scheme. Botan provides a conservative
selection of algorithms thought to be post-quantum secure.</li>
<li>Performance. Botan does not in every case strive to be faster than every other
software implementation, but performance should be competitive and over time
new optimizations are identified and applied.</li>
<li>Support whatever I/O mechanism the application wants. Allow the application to
control all aspects of how the network is contacted, and ensure the API makes
asynchronous operations easy to handle. This both insulates Botan from
system-specific details and allows the application to use whatever networking
style they please.</li>
<li>Portability to modern systems. Botan does not run everywhere, and we actually
do not want it to (see non-goals below). But we do want it to run on anything
that someone is deploying new applications on. That includes both major OSes
like Windows, Linux, and BSD and also relatively new OSes such as IncludeOS.</li>
<li>Well documented. Ideally every public API would have some place in the manual
describing its usage.</li>
<li>Useful command line utility. The botan command line tool should be flexible
and featured enough to replace similar tools such as openssl for everyday
users.</li>
</ul>
<div class="section" id="non-goals">
<h2>Non-Goals<a class="headerlink" href="#non-goals" title="Permalink to this headline">¶</a></h2>
<p>There are goals some crypto libraries have, but which Botan actively does not
seek to address.</p>
<ul>
<li><p class="first">Deep embedded support. Botan requires a heap, C++ exceptions, and RTTI, and at
least in terms of performance optimizations effectively assumes a 32 or 64 bit
processor. It is not suitable for deploying on, say FreeRTOS running on a
MSP430, or smartcard with an 8 bit CPU and 256 bytes RAM. A larger SoC, such
as a Cortex-A7 running Linux, is entirely within scope.</p>
</li>
<li><p class="first">Implementing every crypto scheme in existence. The focus is on algorithms
which are in practical use in systems deployed now, as well as promising
algorithms for future deployment. Many algorithms which were of interest 5-15
years ago but which never saw widespread deployment and have no compelling
benefit over other designs were originally implemented in the library but have
since been removed to simplify the codebase.</p>
</li>
<li><p class="first">Portable to obsolete systems. There is no reason for crypto software to
support ancient OS platforms like SunOS or Windows 2000, since these unpatched
systems are completely unsafe anyway. The additional complexity supporting
such platforms just creates more room for bugs.</p>
</li>
<li><p class="first">Portable to every C++ compiler ever made. Over time Botan moves forward to
both take advantage of new language/compiler features, and to shed workarounds
for dealing with bugs in ancient compilers. The set of supported compilers is
fixed for each new release branch, for example Botan 2.x will always support
GCC 4.8. But a future 3.x release version will likely increase the required
versions for all compilers.</p>
</li>
<li><p class="first">FIPS 140 validation. The primary developer was (long ago) a consultant with a
NIST approved testing lab. He does not have a positive view of the process or
results, at least when it comes to Level 1 software validations (a Level 4
validation is however the real deal). The only benefit of a Level 1 validation
is to allow for government sales, and the cost of validation includes enormous
amounts of time and money, adding ‘checks’ that are useless or actively
harmful, then freezing the software version so security updates cannot be
applied in the future. It does force a certain minimum standard (ie, FIPS
Level 1 does assure AES and RSA are probably implemented correctly) but this
is an issue of interop not security since Level 1 does not seriously consider
attacks of any kind. Any security budget would be far better spent on a review
from a specialized crypto consultancy, who would look for actual flaws.</p>
<p>That said it would be easy to add a “FIPS 140” build mode to Botan, which just
disabled all the builtin crypto and wrapped whatever the most recent OpenSSL
FIPS module exports.</p>
</li>
<li><p class="first">Educational purposes. The library code is intended to be easy to read and
review, and so might be useful in an educational context. However it does not
contain any toy ciphers (unless you count DES and RC4) nor any tools for
simple cryptanalysis. Generally the manual and source comments assume previous
knowledge on the basic concepts involved.</p>
</li>
<li><p class="first">User proof. Some libraries provide a very high level API in an attempt to save
the user from themselves. Occasionally they succeed. It would be appropriate
and useful to build such an API on top of Botan, but Botan itself wants to
cover a broad set of uses cases and some of these involve having pointy things
within reach.</p>
</li>
</ul>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="sidebar">
<h3>Table Of Contents</h3>
<ul class="current">
<li class="toctree-l1"><a class="reference internal" href="index.html">Getting Started</a></li>
<li class="toctree-l1 current"><a class="current reference internal" href="#">Project Goals</a><ul>
<li class="toctree-l2"><a class="reference internal" href="#non-goals">Non-Goals</a></li>
</ul>
</li>
<li class="toctree-l1"><a class="reference internal" href="support.html">Support Information</a></li>
<li class="toctree-l1"><a class="reference internal" href="building.html">Building The Library</a></li>
<li class="toctree-l1"><a class="reference internal" href="versions.html">Versioning</a></li>
<li class="toctree-l1"><a class="reference internal" href="secmem.html">Memory container</a></li>
<li class="toctree-l1"><a class="reference internal" href="rng.html">Random Number Generators</a></li>
<li class="toctree-l1"><a class="reference internal" href="hash.html">Hash Functions and Checksums</a></li>
<li class="toctree-l1"><a class="reference internal" href="block_cipher.html">Block Ciphers</a></li>
<li class="toctree-l1"><a class="reference internal" href="stream_ciphers.html">Stream Ciphers</a></li>
<li class="toctree-l1"><a class="reference internal" href="message_auth_codes.html">Message Authentication Codes (MAC)</a></li>
<li class="toctree-l1"><a class="reference internal" href="cipher_modes.html">Cipher Modes</a></li>
<li class="toctree-l1"><a class="reference internal" href="pubkey.html">Public Key Cryptography</a></li>
<li class="toctree-l1"><a class="reference internal" href="x509.html">X.509 Certificates and CRLs</a></li>
<li class="toctree-l1"><a class="reference internal" href="tls.html">Transport Layer Security (TLS)</a></li>
<li class="toctree-l1"><a class="reference internal" href="credentials_manager.html">Credentials Manager</a></li>
<li class="toctree-l1"><a class="reference internal" href="bigint.html">BigInt</a></li>
<li class="toctree-l1"><a class="reference internal" href="kdf.html">Key Derivation Functions</a></li>
<li class="toctree-l1"><a class="reference internal" href="pbkdf.html">PBKDF Algorithms</a></li>
<li class="toctree-l1"><a class="reference internal" href="keywrap.html">AES Key Wrapping</a></li>
<li class="toctree-l1"><a class="reference internal" href="passhash.html">Password Hashing</a></li>
<li class="toctree-l1"><a class="reference internal" href="cryptobox.html">Cryptobox</a></li>
<li class="toctree-l1"><a class="reference internal" href="srp.html">Secure Remote Password</a></li>
<li class="toctree-l1"><a class="reference internal" href="psk_db.html">PSK Database</a></li>
<li class="toctree-l1"><a class="reference internal" href="filters.html">Pipe/Filter Message Processing</a></li>
<li class="toctree-l1"><a class="reference internal" href="fpe.html">Format Preserving Encryption</a></li>
<li class="toctree-l1"><a class="reference internal" href="compression.html">Lossless Data Compression</a></li>
<li class="toctree-l1"><a class="reference internal" href="pkcs11.html">PKCS#11</a></li>
<li class="toctree-l1"><a class="reference internal" href="tpm.html">Trusted Platform Module (TPM)</a></li>
<li class="toctree-l1"><a class="reference internal" href="otp.html">One Time Passwords</a></li>
<li class="toctree-l1"><a class="reference internal" href="ffi.html">FFI (C89) Interface</a></li>
<li class="toctree-l1"><a class="reference internal" href="python.html">Python Binding</a></li>
<li class="toctree-l1"><a class="reference internal" href="cli.html">botan</a></li>
<li class="toctree-l1"><a class="reference internal" href="side_channels.html">Side Channels</a></li>
<li class="toctree-l1"><a class="reference internal" href="packaging.html">Notes for Distributors</a></li>
<li class="toctree-l1"><a class="reference internal" href="fuzzing.html">Fuzzing The Library</a></li>
<li class="toctree-l1"><a class="reference internal" href="deprecated.html">Deprecated Features</a></li>
<li class="toctree-l1"><a class="reference internal" href="abi.html">ABI Stability</a></li>
</ul>
<div role="search">
<h3 style="margin-top: 1.5em;">Search</h3>
<form class="search" action="search.html" method="get">
<input type="text" name="q" />
<input type="submit" value="Go" />
<input type="hidden" name="check_keywords" value="yes" />
<input type="hidden" name="area" value="default" />
</form>
</div>
</div>
<div class="clearer"></div>
</div>
</div>
<div class="footer-wrapper">
<div class="footer">
<div class="left">
<div role="navigation" aria-label="related navigaton">
<a href="index.html" title="Getting Started"
accesskey="P">previous</a> |
<a href="support.html" title="Support Information"
accesskey="N">next</a> |
<a href="py-modindex.html" title="Python Module Index"
>modules</a> |
<a href="genindex.html" title="General Index"
accesskey="I">index</a>
</div>
<div role="note" aria-label="source link">
</div>
</div>
<div class="right">
<div class="footer" role="contentinfo">
Last updated on 2018-04-08.
</div>
</div>
<div class="clearer"></div>
</div>
</div>
</body>
</html>
|