Crypto++^® Library 5.6.0

What is it?

Crypto++ Library is a free C++ class library of cryptographic schemes. Currently the library contains the following algorithms:

Other features include:

• pseudo random number generators (PRNG): ANSI X9.17 appendix C, RandomPool
• password based key derivation functions: PBKDF1 and PBKDF2 from PKCS #5, PBKDF from PKCS #12 appendix B
• Shamir's secret sharing scheme and Rabin's information dispersal algorithm (IDA)
• fast multi-precision integer (bignum) and polynomial operations
• finite field arithmetics, including GF(p) and GF(2^n)
• prime number generation and verification
• useful non-cryptographic algorithms
  • DEFLATE (RFC 1951) compression/decompression with gzip (RFC 1952) and zlib (RFC 1950) format support
  • hex, base-32, and base-64 coding/decoding
  • 32-bit CRC and Adler32 checksum
• class wrappers for these operating system features (optional):
  • high resolution timers on Windows, Unix, and Mac OS
  • Berkeley and Windows style sockets
  • Windows named pipes
  • /dev/random, /dev/urandom, /dev/srandom
  • Microsoft's CryptGenRandom on Windows
• A high level interface for most of the above, using a filter/pipeline metaphor
• benchmarks and validation testing
• x86, x86-64 (x64), MMX, and SSE2 assembly code for the most commonly used algorithms, with run-time CPU feature detection and code selection
  • supports GCC-style and MSVC-style inline assembly, and MASM for x64
• certain versions are available in FIPS 140-2 validated form

License

The License of Crypto++ is somewhat unusual amongst open source projects. A distinction is made between the library as a compilation (i.e., collection), which is copyrighted by Wei Dai, and the individual files in it, which are public domain (with the exception of mars.cpp which is subject to its own license, included in that file).

The library is copyrighted as a compilation in order to place certain disclaimers (regarding warranty, export, and patents) in the license and to keep the attributions and public domain declarations intact when Crypto++ is distributed in source code form. The fact that individual files are public domain means that legally you can place code segments, entire files, or small sets of files (up to the limit set by fair use) into your own project and do anything you want with them without worrying about the copyright.

Because one purpose of the project is to act as a repository of public domain (not copyrighted) cryptographic source code, the code in Crypto++ was either written specifically for this project by its contributors and placed in the public domain, or derived from other sources that are public domain (again with the exception of mars.cpp).

What's new?

• 3/15/2009 - Version 5.6.0 released
  • added AuthenticatedSymmetricCipher interface class and Filter wrappers
  • added CCM, GCM (with SSE2 assembly), EAX, CMAC, XSalsa20, and SEED
  • added support for variable length IVs
  • added OIDs for Brainpool elliptic curve parameters
  • improved AES and SHA-256 speed on x86 and x64
  • fixed incorrect VMAC computation on message lengths that are >64 mod 128 (x86 assembly version is not affected)
  • fixed compiler error in vmac.cpp on x86 with GCC -fPIC
  • fixed run-time validation error on x86-64 with GCC 4.3.2 -O2
  • fixed HashFilter bug when putMessage=true
  • removed WORD64_AVAILABLE; compiler support for 64-bit int is now required
  • ported to GCC 4.3, C++Builder 2009, Sun CC 5.10, Intel C++ Compiler 11
• 5/16/2008 - Recovered from web host server crash. Now hosted by ibiblio.org.
• 9/24/2007 - Version 5.5.2 released
  • ported x64 assembly language code for AES, Salsa20, Sosemanuk, and Panama to MSVC 2005 (using MASM since MSVC doesn't support inline assembly on x64)
  • fixed Salsa20 initialization crash on non-SSE2 machines
  • fixed Whirlpool crash on Pentium 2 machines
  • fixed possible branch prediction analysis (BPA) vulnerability in MontgomeryReduce(), which may affect security of RSA, RW, LUC
  • fixed link error with MSVC 2003 when using "debug DLL" form of runtime library
  • fixed crash in SSE2_Add on P4 machines when compiled with MSVC 6.0 SP5 with Processor Pack
  • added support for newly released compilers: MSVC 2008, GCC 4.2, Sun CC 5.9, Intel C++ Compiler 10.0, and Borland C++Builder 2007
• 8/14/2007 - Version 5.3.0 released as FIPS 140-2 validated module.
• 6/1/2007 - Updated reference manual to version 5.5.1, and migrated from CVS to SVN
• 5/25/2007 - Version 5.5.1 released
  • fixed VMAC validation failure on 32-bit big-endian machines
• 5/5/2007 - Version 5.5 released
  • added VMAC and Sosemanuk (with x86-64 and SSE2 assembly)
  • improved speed of integer arithmetic, AES, SHA-512, Tiger, Salsa20, Whirlpool, and PANAMA cipher using assembly (x86-64, MMX, SSE2)
  • optimized Camellia and added defense against timing attacks
  • updated benchmarks code to show cycles per byte and to time key/IV setup
  • started using OpenMP for increased multi-core speed
  • enabled GCC optimization flags by default in GNUmakefile
  • added blinding and computational error checking for RW signing
  • changed RandomPool, X917RNG, GetNextIV, DSA/NR/ECDSA/ECNR to reduce the risk of reusing random numbers and IVs after virtual machine state rollback
  • changed default FIPS mode RNG from AutoSeededX917RNG<DES_EDE3> to AutoSeededX917RNG<AES>
  • fixed PANAMA cipher interface to accept 256-bit key and 256-bit IV
  • moved MD2, MD4, MD5, PanamaHash, ARC4, WAKE_CFB into the namespace "Weak"
  • removed HAVAL, MD5-MAC, XMAC

Platforms

These porting notes will help you compile Crypto++ on various platforms. If you need to compile Crypto++ 4.2 or earlier, please click here.

For detailed build status on various compiler/OS/CPU combinations and for platforms not listed below, please see this FAQ entry.

To apply these patches, run "patch < patchfile" in the directory where you've unzipped the Crypto++ source code files. "patch" is a standard utility on Unix systems. On Windows you can use patch from Cygwin or download a port of patch. See this Wikipedia article for more information.

Download

Remember to use the "-a" (auto-convert text files) option when unzipping on a Unix machine. After downloading, please read the Readme.txt included in the zip archive for build instructions and other important notes.

The zip files should have the following hashes:

crypto50.zip:

MD5: fe8d4ef49b69874763f6dab30cbb6292
SHA-1: d0d83e60b6c03408370ca6c13aa5cac5e2220bf1
RIPEMD-160: 150db13d4df29020829f0fe817f54ee5a0595e50
SHA-256: c67c64693f32195e69d3d7e5bdf47afbd91e8b69d0407a2bc68a745d9dbebb26

MD5: f4bfd4ac39dc1b7f0764d61a1ec4df16
SHA-1: 95905714c85f6fb563e66edb5478818df787fe2d
RIPEMD-160: 8b7420c421be39e9976f1ce2a80840d7ed6b38ef
SHA-256: d183a98c28feb1e0f7d21d177469831e5052aa8ca446475e95a5ebe7a7feb3cd

MD5: 5c09d632ef36e889f1727fb50cb21c4d
SHA-1: 1fef7da7d7cdc23a4d51906d585e0b91c163693d
RIPEMD-160: abc73242f96b2bbd0a09786803a693a2883c1003
SHA-256: 103bf2cab8f3a0e245c50af9992aca1583796b4c2dcccc16a0207a09a17a2a66

MD5: 82a00c44235ccbae2bedf9cb16c40ac3
SHA-1: 4b84311d1cbde04df5d88b5375d29c2e35ccb89c
RIPEMD-160: 7c4d3cf702a1cf38f2a19cb5cebf170dabc23a35
SHA-256: d578d297f1804a6b1c3f9090cc77091e49ae6d0311846a45117e79d4d20c2a39

MD5: 40e760012d1b0b7e316676ef09e0a814
SHA-1: 88f6534b713fbbf5c1af5fdddc402b221eea73bf
RIPEMD-160: 8efd6d1ab9a34f69dfa2ef04852eff0efb69b47f
SHA-256: fa9aceb1b46c886b5c13fe5aa3d0cdbd74b4a2dd894e290cbdbfd17fe8a7fe5a

SHA-1: 9e30568f0fd653e5626038d4e424dbc2cd637b85
SHA-512: 24e1c572f78b9ee9e5836c81707f6cf458ef0dbc234ba3c2937f5088342ced67b72bff73ba25d8f6d0f4367295c4606ddf837467823668777b82501bfca0f0ce
WHIRLPOOL: 5521685af5a503c7f914c7564d5a8f2d2677c35716890bfe65e271bff2c0a71dcf90dfcb8a1a6ade250bfcde76ee8b849deac689e56da56dd2d912e42f2d3931

SHA-1: 18efe451b3c682f40db75dc2b09cb448a835e7d6
SHA-512: 62fa0aa79081b14cc87345c5364182d83cd1bde6ea732bcecc5cae02879d218159b324a0872d6ef70c1b1916cadb2243036918cbcf962f78b84c788c55d7520f
WHIRLPOOL: ff32165cd7bac87004d5a60550226ef6391901185d2c2262f58b278d6cc705fb74d5cfaabbcdc47fed16448b52499b061ab0bb07556b95e3ccd4b4441cbd3952

SHA-1: b836783ebd72d5bc6a916620ab2b1ecec316fef1
SHA-512: 37c5820404f9fa94e4ebe595865de17af13876bf5ef20c8612e019427893227f80095f21ee71c6caf781f14a493dc56805eb965e909f8fdce31a9f748b772655
WHIRLPOOL: fab7114bcd3eef5df0ef9d794ccb5f54670a7ef27f57f9662339e27d42dd2d19223ebee395e6a17e0fb2d48ea74139f3093f688db14bdefa650fb27f520c006b

While You Are Downloading

• Take a look at the related links page. It includes links to crypto libraries for other languages, products that use Crypto++, etc.
• Consider the list of recommended books for Crypto++ users.
• Examine the Crypto++ license agreement.
• Read the Crypto++ User Guide.
• Browse the Crypto++ Reference Manual.
• View these Crypto++ class hierarchy charts to see how Crypto++ is organized. Note that these charts only include a small number of actual algorithms as examples.
  • symmetric algorithms and hash functions
  • public key algorithms

FIPS 140-2 Conformance

Because these packages contain compiled executable code, they have been signed with a PGP public key which is included inside the package. You can verify the PGP key's fingerprint by following the certificate link and obtaining a copy of the Crypto++ Library Security Policy from NIST's web site. The fingerprint is given in the Security Policy.

• Crypto++ Library 5.0.4 (32-bit Windows DLL, calling application must be compiled with MSVC 6.0) [download package] [download PGP signature] [certificate #343]
• Crypto++ Library 5.2.3 (32-bit Windows DLL, calling application must be compiled with MSVC .NET 2003) [download package] [download PGP signature] [certificate #562]
• Crypto++ Library 5.3.0 (32-bit and 64-bit Windows DLL, calling application must be compiled with MSVC 2005) [download package] [download PGP signature] [certificate #819]

Mailing Lists

There are two mailing lists for Crypto++.

• cryptopp-announce@lists.sourceforge.net - Crypto++ announcements
• cryptopp-users@googlegroups.com - user questions and general discussion related to Crypto++ (alternative archives are available at The Mail Archive and Nabble)

As a courtesy, please join the discussion list with your real name instead of an online handle. When posting a question to the mailing list, be sure to provide the following information, if applicable:

• exact error message
• stack trace (please copy from the call stack window of your debugger, or use the "bt" command in gdb)
• a minimal program with a main() function, that reproduces the problem
• version of Crypto++, operating system (output of "uname -a" command if using Unix), and compiler (output of "gcc -v" if using GCC)

To Contribute

• The SVN Repository allows you to view the latest (unreleased) Crypto++ source code.
• The Crypto++ Faq-O-Matic allows you to view frequently asked questions and to contribute new questions or answers.

If you wish to contribute a bug fix or new feature to Crypto++, please post it to the mailing list if its a small patch. Contact Wei Dai directly if the amount of code is more substantial.

Paid Support and Consulting

If you are interested in paid support for Crypto++ or consulting on a Crypto++ related project, please take a look at this list of companies and individuals providing such services. This listing is a free service for the Crypto++ community, and anyone may sign up to be listed by following the above link.