Crypto++: a C++ Class Library of Cryptographic Schemes

Version 5.4 (in development)

- a class hierarchy with an API defined by abstract base classes
- AES (Rijndael) and AES candidates: RC6, MARS, Twofish, Serpent,
- other symmetric block ciphers: IDEA, DES, Triple-DES (DES-EDE2 and DES-EDE3), DESX (DES-XEX3), RC2, RC5, Blowfish, Diamond2, TEA, SAFER, 3-WAY, GOST, SHARK, CAST-128, Square, Skipjack,
- generic cipher modes: ECB, CBC, CBC ciphertext stealing (CTS), CFB, OFB, counter mode (CTR)
- stream ciphers: Panama, ARC4, SEAL, WAKE, WAKE-OFB,
- public key cryptography: RSA, DSA, ElGamal, Nyberg-Rueppel (NR), Rabin, Rabin-Williams (RW), LUC, LUCELG, DLIES (variants
- padding schemes for public-key systems: PKCS#1 v2.0, OAEP, PSSR, IEEE P1363 EMSA2
- key agreement schemes: Diffie-Hellman (DH), Unified Diffie-Hellman (DH2), Menezes-Qu-Vanstone (MQV), LUCDIF, XTR-DH
- elliptic curve cryptography: ECDSA, ECNR, ECIES, ECDH, ECMQV
- one-way hash functions: SHA-1, MD2, MD4, MD5, HAVAL, RIPEMD-128, RIPEMD-256, RIPEMD-160, RIPEMD-320, Tiger, SHA-2 (SHA-256, SHA-384, and SHA-512), Panama, Whirlpool
- message authentication codes: MD5-MAC, HMAC, XOR-MAC, CBC-MAC,
- cipher constructions based on hash functions: Luby-Rackoff, MDC
- pseudo random number generators (PRNG): ANSI X9.17 appendix C,
- password based key derivation functions: PBKDF1 and PBKDF2 from
- Shamir's secret sharing scheme and Rabin's information dispersal algorithm (IDA)
- DEFLATE (RFC 1951) compression/decompression with gzip (RFC 1952) and zlib (RFC 1950) format support
- fast multi-precision integer (bignum) and polynomial operations, with SSE2 optimizations for Pentium 4 processors
- finite field arithmetics, including GF(p) and GF(2^n)
- prime number generation and verification
- various miscellaneous modules such as base 64 coding and 32-bit
- class wrappers for these operating system features (optional):
  - high resolution timers on Windows, Unix, and MacOS
  - Berkeley and Windows style sockets
  - /dev/random and /dev/urandom on Linux and FreeBSD
  - Microsoft's CryptGenRandom on Windows
- A high level interface for most of the above, using a filter/pipeline metaphor
- benchmarks and validation testing
- FIPS 140-2 Validated
Version 5.6.1 (in development)

Crypto++ Library is a free C++ class library of cryptographic schemes.
Currently the library contains the following algorithms:

authenticated encryption schemes: GCM, CCM, EAX
high speed stream ciphers: Panama, Sosemanuk, Salsa20, XSalsa20
AES and AES candidates: AES (Rijndael), RC6, MARS, Twofish, Serpent,
other block ciphers: IDEA, Triple-DES (DES-EDE2 and DES-EDE3), Camellia, SEED, RC5, Blowfish, TEA, XTEA,
block cipher modes of operation: ECB, CBC, CBC ciphertext stealing (CTS), CFB, OFB, counter mode (CTR)
message authentication codes: VMAC, HMAC, CMAC, CBC-MAC, DMAC,
hash functions: SHA-1, SHA-2 (SHA-224, SHA-256, SHA-384, and SHA-512), Tiger, WHIRLPOOL, RIPEMD-128, RIPEMD-256, RIPEMD-160, RIPEMD-320
public-key cryptography: RSA, DSA, ElGamal, Nyberg-Rueppel (NR), Rabin-Williams (RW), LUC, LUCELG, DLIES (variants of DHAES), ESIGN
padding schemes for public-key systems: PKCS#1 v2.0, OAEP, PSS, PSSR, IEEE P1363 EMSA2 and EMSA5
key agreement schemes: Diffie-Hellman (DH), Unified Diffie-Hellman (DH2), Menezes-Qu-Vanstone (MQV), LUCDIF,
elliptic curve cryptography: ECDSA, ECNR, ECIES, ECDH, ECMQV
insecure or obsolescent algorithms retained for backwards compatibility and historical: MD2, MD4, MD5, Panama Hash, DES, ARC4, SEAL 3.0, WAKE, WAKE-OFB, DESX (DES-XEX3), RC2, SAFER, 3-WAY, GOST, SHARK, CAST-128, Square

Other features include:

* pseudo random number generators (PRNG): ANSI X9.17 appendix C, RandomPool
* password based key derivation functions: PBKDF1 and PBKDF2 from PKCS #5, PBKDF from PKCS #12 appendix B
* Shamir's secret sharing scheme and Rabin's information dispersal algorithm
* fast multi-precision integer (bignum) and polynomial operations
* finite field arithmetics, including GF(p) and GF(2^n)
* prime number generation and verification
* useful non-cryptographic algorithms
  + DEFLATE (RFC 1951) compression/decompression with gzip (RFC 1952) and zlib (RFC 1950) format support
  + hex, base-32, and base-64 coding/decoding
  + 32-bit CRC and Adler32 checksum
* class wrappers for these operating system features (optional):
  + high resolution timers on Windows, Unix, and Mac OS
  + Berkeley and Windows style sockets
  + /dev/random, /dev/urandom, /dev/srandom
  + Microsoft's CryptGenRandom on Windows
* A high level interface for most of the above, using a filter/pipeline
* benchmarks and validation testing
* x86, x86-64 (x64), MMX, and SSE2 assembly code for the most commonly used algorithms, with run-time CPU feature detection and code selection
* some versions are available in FIPS 140-2 validated form
You are welcome to use it for any purpose without paying me, but see
license.txt for the fine print.

This version of Crypto++ has been compiled successfully with MSVC 6.0 SP5
and .NET 2003 on Windows XP, GCC 2.95.4 on FreeBSD 4.6, GCC 2.95.3 on
Linux 2.4 and SunOS 5.8, GCC 3.4 on Cygwin 1.5.10, and Metrowerks
CodeWarrior 8.3 for Windows and MacOS.

The following compilers are supported for this release. Please visit
http://www.cryptopp.com for the most up to date build instructions and porting notes.

* Intel C++ Compiler 9 - 11
* Sun Studio 12 (CC 5.9)
*** Important Usage Notes ***

5.2.3 - fixed issues with FIPS algorithm test vectors
      - put RSASSA-ISO into DLL

5.3   - ported to MSVC 2005 with support for x86-64
      - added defense against AES timing attacks, and more AES test vectors
      - changed StaticAlgorithmName() of Rijndael to "AES", CTR to "CTR"

5.4   - added Salsa20
      - updated Whirlpool to version 3.0
      - ported to GCC 4.1, Sun C++ 5.8, and Borland C++Builder 2006

5.5   - added VMAC and Sosemanuk (with x86-64 and SSE2 assembly)
      - improved speed of integer arithmetic, AES, SHA-512, Tiger, Salsa20, Whirlpool, and PANAMA cipher using assembly (x86-64, MMX, SSE2)
      - optimized Camellia and added defense against timing attacks
      - updated benchmarks code to show cycles per byte and to time key/IV setup
      - started using OpenMP for increased multi-core speed
      - enabled GCC optimization flags by default in GNUmakefile
      - added blinding and computational error checking for RW signing
      - changed RandomPool, X917RNG, GetNextIV, DSA/NR/ECDSA/ECNR to reduce the risk of reusing random numbers and IVs after virtual machine state
      - changed default FIPS mode RNG from AutoSeededX917RNG<DES_EDE3> to AutoSeededX917RNG<AES>
      - fixed PANAMA cipher interface to accept 256-bit key and 256-bit IV
      - moved MD2, MD4, MD5, PanamaHash, ARC4, WAKE_CFB into the namespace "Weak"
      - removed HAVAL, MD5-MAC, XMAC

5.5.1 - fixed VMAC validation failure on 32-bit big-endian machines

5.5.2 - ported x64 assembly language code for AES, Salsa20, Sosemanuk, and Panama to MSVC 2005 (using MASM since MSVC doesn't support inline assembly on x64)
      - fixed Salsa20 initialization crash on non-SSE2 machines
      - fixed Whirlpool crash on Pentium 2 machines
      - fixed possible branch prediction analysis (BPA) vulnerability in MontgomeryReduce(), which may affect security of RSA, RW, LUC
      - fixed link error with MSVC 2003 when using "debug DLL" form of runtime library
      - fixed crash in SSE2_Add on P4 machines when compiled with MSVC 6.0 SP5 with Processor Pack
      - ported to MSVC 2008, GCC 4.2, Sun CC 5.9, Intel C++ Compiler 10.0, and Borland C++Builder 2007

5.6   - added AuthenticatedSymmetricCipher interface class and Filter wrappers
      - added CCM, GCM (with SSE2 assembly), EAX, CMAC, XSalsa20, and SEED
      - added support for variable length IVs
      - added OIDs for Brainpool elliptic curve parameters
      - improved AES and SHA-256 speed on x86 and x64
      - fixed incorrect VMAC computation on message lengths that are >64 mod 128 (x86 assembly version is not affected)
      - fixed compiler error in vmac.cpp on x86 with GCC -fPIC
      - fixed run-time validation error on x86-64 with GCC 4.3.2 -O2
      - fixed HashFilter bug when putMessage=true
      - removed WORD64_AVAILABLE; compiler support for 64-bit int is now required
      - ported to GCC 4.3, C++Builder 2009, Sun CC 5.10, Intel C++ Compiler 11

5.6.1 - switched to a public domain implementation of MARS

Written by Wei Dai