Crypto++^® Library 5.6.2

What is it?

Crypto++ Library is a free C++ class library of cryptographic schemes. Currently the library contains the following algorithms:

Other features include:

• pseudo random number generators (PRNG): ANSI X9.17 appendix C, RandomPool
• password based key derivation functions: PBKDF1 and PBKDF2 from PKCS #5, PBKDF from PKCS #12 appendix B
• Shamir's secret sharing scheme and Rabin's information dispersal algorithm (IDA)
• fast multi-precision integer (bignum) and polynomial operations
• finite field arithmetics, including GF(p) and GF(2^n)
• prime number generation and verification
• useful non-cryptographic algorithms
  • DEFLATE (RFC 1951) compression/decompression with gzip (RFC 1952) and zlib (RFC 1950) format support
  • hex, base-32, and base-64 coding/decoding
  • 32-bit CRC and Adler32 checksum
• class wrappers for these operating system features (optional):
  • high resolution timers on Windows, Unix, and Mac OS
  • Berkeley and Windows style sockets
  • Windows named pipes
  • /dev/random, /dev/urandom, /dev/srandom
  • Microsoft's CryptGenRandom on Windows
• A high level interface for most of the above, using a filter/pipeline metaphor
• benchmarks and validation testing
• x86, x86-64 (x64), MMX, and SSE2 assembly code for the most commonly used algorithms, with run-time CPU feature detection and code selection
  • supports GCC-style and MSVC-style inline assembly, and MASM for x64
• certain versions are available in FIPS 140-2 validated form

License

Crypto++ Library is copyrighted as a compilation and (as of version 5.6.2) licensed under the Boost Software License 1.0, while the individual files in the compilation are all public domain.

What's new?

• 2/20/2013 - Version 5.6.2 released
  • changed license to Boost Software License 1.0
  • added SHA-3 (Keccak)
  • updated DSA to FIPS 186-3 (see DSA2 class)
  • fixed Blowfish minimum keylength to be 4 bytes (32 bits)
  • fixed Salsa validation failure when compiling with GCC 4.6
  • fixed infinite recursion when on x64, assembly disabled, and no AESNI
  • ported to MSVC 2012, GCC 4.7, Clang 3.2, Solaris Studio 12.3, Intel C++ Compiler 13.0
• 8/9/2010 - Version 5.6.1 released
  • added support for AES-NI and CLMUL instruction sets in AES and GMAC/GCM
  • removed WAKE-CFB
  • fixed several bugs in the SHA-256 x86/x64 assembly code:
    • incorrect hash on non-SSE2 x86 machines on non-aligned input
    • incorrect hash on x86 machines when input crosses 0x80000000
    • incorrect hash on x64 when compiled with GCC with optimizations enabled
  • fixed bugs in AES x86 and x64 assembly causing crashes in some MSVC build configurations
  • switched to a public domain implementation of MARS
  • ported to MSVC 2010, GCC 4.5.1, Sun Studio 12u1, C++Builder 2010, Intel C++ Compiler 11.1
  • renamed the MSVC DLL project to "cryptopp" for compatibility with MSVC 2010
• 3/15/2009 - Version 5.6.0 released
  • added AuthenticatedSymmetricCipher interface class and Filter wrappers
  • added CCM, GCM (with SSE2 assembly), EAX, CMAC, XSalsa20, and SEED
  • added support for variable length IVs
  • added OIDs for Brainpool elliptic curve parameters
  • improved AES and SHA-256 speed on x86 and x64
  • fixed incorrect VMAC computation on message lengths that are >64 mod 128 (x86 assembly version is not affected)
  • fixed compiler error in vmac.cpp on x86 with GCC -fPIC
  • fixed run-time validation error on x86-64 with GCC 4.3.2 -O2
  • fixed HashFilter bug when putMessage=true
  • removed WORD64_AVAILABLE; compiler support for 64-bit int is now required
  • ported to GCC 4.3, C++Builder 2009, Sun CC 5.10, Intel C++ Compiler 11
• 5/16/2008 - Recovered from web host server crash. Now hosted by ibiblio.org.
• 9/24/2007 - Version 5.5.2 released
  • ported x64 assembly language code for AES, Salsa20, Sosemanuk, and Panama to MSVC 2005 (using MASM since MSVC doesn't support inline assembly on x64)
  • fixed Salsa20 initialization crash on non-SSE2 machines
  • fixed Whirlpool crash on Pentium 2 machines
  • fixed possible branch prediction analysis (BPA) vulnerability in MontgomeryReduce(), which may affect security of RSA, RW, LUC
  • fixed link error with MSVC 2003 when using "debug DLL" form of runtime library
  • fixed crash in SSE2_Add on P4 machines when compiled with MSVC 6.0 SP5 with Processor Pack
  • added support for newly released compilers: MSVC 2008, GCC 4.2, Sun CC 5.9, Intel C++ Compiler 10.0, and Borland C++Builder 2007
• 8/14/2007 - Version 5.3.0 released as FIPS 140-2 validated module.
• 6/1/2007 - Updated reference manual to version 5.5.1, and migrated from CVS to SVN
• 5/25/2007 - Version 5.5.1 released
  • fixed VMAC validation failure on 32-bit big-endian machines
• 5/5/2007 - Version 5.5 released
  • added VMAC and Sosemanuk (with x86-64 and SSE2 assembly)
  • improved speed of integer arithmetic, AES, SHA-512, Tiger, Salsa20, Whirlpool, and PANAMA cipher using assembly (x86-64, MMX, SSE2)
  • optimized Camellia and added defense against timing attacks
  • updated benchmarks code to show cycles per byte and to time key/IV setup
  • started using OpenMP for increased multi-core speed
  • enabled GCC optimization flags by default in GNUmakefile
  • added blinding and computational error checking for RW signing
  • changed RandomPool, X917RNG, GetNextIV, DSA/NR/ECDSA/ECNR to reduce the risk of reusing random numbers and IVs after virtual machine state rollback
  • changed default FIPS mode RNG from AutoSeededX917RNG<DES_EDE3> to AutoSeededX917RNG<AES>
  • fixed PANAMA cipher interface to accept 256-bit key and 256-bit IV
  • moved MD2, MD4, MD5, PanamaHash, ARC4, WAKE_CFB into the namespace "Weak"
  • removed HAVAL, MD5-MAC, XMAC

Platforms

The current version of Crypto++ supports the following compilers:

• MSVC 6.0 - 2012
• GCC 3.3 - 4.7
• Clang 3.2
• Intel C++ Compiler 11 - 13
• Solaris Studio 12.3
• C++Builder 2010 (for version 5.6.1)

For detailed build status and notes on various compiler/OS/CPU combinations as well as information about compiling earlier versions of Crypto++, please see this wiki entry.

Download

Remember to use the "-a" (auto-convert text files) option when unzipping on a Unix machine. After downloading, please read the Readme.txt included in the zip archive for build instructions and other important notes.

The zip files should have the following hashes:

crypto50.zip:

MD5: fe8d4ef49b69874763f6dab30cbb6292
SHA-1: d0d83e60b6c03408370ca6c13aa5cac5e2220bf1
RIPEMD-160: 150db13d4df29020829f0fe817f54ee5a0595e50
SHA-256: c67c64693f32195e69d3d7e5bdf47afbd91e8b69d0407a2bc68a745d9dbebb26

MD5: f4bfd4ac39dc1b7f0764d61a1ec4df16
SHA-1: 95905714c85f6fb563e66edb5478818df787fe2d
RIPEMD-160: 8b7420c421be39e9976f1ce2a80840d7ed6b38ef
SHA-256: d183a98c28feb1e0f7d21d177469831e5052aa8ca446475e95a5ebe7a7feb3cd

MD5: 82a00c44235ccbae2bedf9cb16c40ac3
SHA-1: 4b84311d1cbde04df5d88b5375d29c2e35ccb89c
RIPEMD-160: 7c4d3cf702a1cf38f2a19cb5cebf170dabc23a35
SHA-256: d578d297f1804a6b1c3f9090cc77091e49ae6d0311846a45117e79d4d20c2a39

MD5: 40e760012d1b0b7e316676ef09e0a814
SHA-1: 88f6534b713fbbf5c1af5fdddc402b221eea73bf
RIPEMD-160: 8efd6d1ab9a34f69dfa2ef04852eff0efb69b47f
SHA-256: fa9aceb1b46c886b5c13fe5aa3d0cdbd74b4a2dd894e290cbdbfd17fe8a7fe5a

SHA-1: 18efe451b3c682f40db75dc2b09cb448a835e7d6
SHA-512: 62fa0aa79081b14cc87345c5364182d83cd1bde6ea732bcecc5cae02879d218159b324a0872d6ef70c1b1916cadb2243036918cbcf962f78b84c788c55d7520f
WHIRLPOOL: ff32165cd7bac87004d5a60550226ef6391901185d2c2262f58b278d6cc705fb74d5cfaabbcdc47fed16448b52499b061ab0bb07556b95e3ccd4b4441cbd3952

SHA-1: b836783ebd72d5bc6a916620ab2b1ecec316fef1
SHA-512: 37c5820404f9fa94e4ebe595865de17af13876bf5ef20c8612e019427893227f80095f21ee71c6caf781f14a493dc56805eb965e909f8fdce31a9f748b772655
WHIRLPOOL: fab7114bcd3eef5df0ef9d794ccb5f54670a7ef27f57f9662339e27d42dd2d19223ebee395e6a17e0fb2d48ea74139f3093f688db14bdefa650fb27f520c006b

SHA-1: 31dbb456c21f50865218c57b7eaf4c955a222ba1
SHA-256: 98e74d8cb17a38033354519ac8ba9c5d98a6dc00bf5d1ec3c533c2e8ec86f268
SHA-512: 6cc07f36b84a1043e01e458a826d4e3626a2d87b2f606352bc18f607e1c1a68dc3c9b3454659bc1e21e07c9addbf6f4255c5848205fb31c3f445c31a00ebfbf1
WHIRLPOOL: 51021ec68fa5b4a988fa343dce1e64455b33c922691a842a2f7801d7359e400bff342f381393aae42114a061cf9ab6365271d7a5c21dd5c26330d41dcb59bfc9

SHA-1: ddc18ae41c2c940317cd6efe81871686846fa293
SHA-256: 5cbfd2fcb4a6b3aab35902e2e0f3b59d9171fee12b3fc2b363e1801dfec53574
SHA-512: 016ca7ebad1091d67ad0bc5ccb7549d96d4af6b563d9d5a612cae27b3d1a3514c41b954e319fed91c820e8c701e3aa43da186e0864bf959ce4afd1539248ebbe
WHIRLPOOL: e31203da48a31b09e6ea48a75aa64fe5fd27fd370a1a609c4387526f09daab7582716563b688c0c81a8c3b200b8ffa7bdb2b981e5911640e5f1c172d6027f6ac

While You Are Downloading

• Take a look at the related links page. It includes links to crypto libraries for other languages, products that use Crypto++, etc.
• Consider the list of recommended books for Crypto++ users.
• Examine the Crypto++ license agreement.
• Read the Crypto++ User Guide.
• Browse the Crypto++ Reference Manual.
• View these Crypto++ class hierarchy charts to see how Crypto++ is organized. Note that these charts only include a small number of actual algorithms as examples.
  • symmetric algorithms and hash functions
  • public key algorithms

FIPS 140-2 Conformance

Because these packages contain compiled executable code, they have been signed with a PGP public key which is included inside the package. You can verify the PGP key's fingerprint by following the certificate link and obtaining a copy of the Crypto++ Library Security Policy from NIST's web site. The fingerprint is given in the Security Policy.

• Crypto++ Library 5.0.4 (32-bit Windows DLL, calling application must be compiled with MSVC 6.0) [download package] [download PGP signature] [certificate #343]
• Crypto++ Library 5.2.3 (32-bit Windows DLL, calling application must be compiled with MSVC .NET 2003) [download package] [download PGP signature] [certificate #562]
• Crypto++ Library 5.3.0 (32-bit and 64-bit Windows DLL, calling application must be compiled with MSVC 2005) [download package] [download PGP signature] [certificate #819]

Mailing Lists

There are two mailing lists for Crypto++.

• cryptopp-announce@lists.sourceforge.net - Crypto++ announcements
• cryptopp-users@googlegroups.com - user questions and general discussion related to Crypto++ (alternative archives are available at The Mail Archive and Nabble)

As a courtesy, please join the discussion list with your real name instead of an online handle. When posting a question to the mailing list, be sure to provide the following information, if applicable:

• exact error message
• stack trace (please copy from the call stack window of your debugger, or use the "bt" command in gdb)
• a minimal program with a main() function, that reproduces the problem
• version of Crypto++, operating system (output of "uname -a" command if using Unix), and compiler (output of "gcc -v" if using GCC)

To Contribute

• The SVN Repository allows you to view the latest (unreleased) Crypto++ source code.
• The Wiki/FAQ allows you to view and contribute information about how to best use Crypto++.

If you wish to contribute a bug fix or new feature to Crypto++, please post it to the mailing list if its a small patch. Contact Wei Dai directly if the amount of code is more substantial.

Paid Support and Consulting

If you are interested in paid support for Crypto++ or consulting on a Crypto++ related project, please take a look at this list of companies and individuals providing such services. This listing is a free service for the Crypto++ community, and anyone may sign up to be listed by following the above link.