Crypto++: a C++ Class Library of Cryptographic Schemes
Version 5.2.1 7/21/2004
This library includes:
- a class hierarchy with an API defined by abstract base classes
- AES (Rijndael) and AES candidates: RC6, MARS, Twofish, Serpent,
CAST-256
- other symmetric block ciphers: IDEA, DES, Triple-DES (DES-EDE2
and DES-EDE3), DESX (DES-XEX3), RC2, RC5, Blowfish, Diamond2,
TEA, SAFER, 3-WAY, GOST, SHARK, CAST-128, Square, Skipjack,
Camellia, SHACAL-2
- generic cipher modes: ECB, CBC, CBC ciphertext stealing (CTS),
CFB, OFB, counter mode (CTR)
- stream ciphers: Panama, ARC4, SEAL, WAKE, WAKE-OFB,
BlumBlumShub
- public key cryptography: RSA, DSA, ElGamal, Nyberg-Rueppel
(NR), Rabin, Rabin-Williams (RW), LUC, LUCELG, DLIES (variants
of DHAES), ESIGN
- padding schemes for public-key systems: PKCS#1 v2.0, OAEP,
PSSR, IEEE P1363 EMSA2
- key agreement schemes: Diffie-Hellman (DH), Unified Diffie-
Hellman (DH2), Menezes-Qu-Vanstone (MQV), LUCDIF, XTR-DH
- elliptic curve cryptography: ECDSA, ECNR, ECIES, ECDH, ECMQV
- one-way hash functions: SHA-1, MD2, MD4, MD5, HAVAL, RIPEMD-
128, RIPEMD-256, RIPEMD-160, RIPEMD-320, Tiger, SHA-2 (SHA-256,
SHA-384, and SHA-512), Panama, Whirlpool
- message authentication codes: MD5-MAC, HMAC, XOR-MAC, CBC-MAC,
DMAC, Two-Track-MAC
- cipher constructions based on hash functions: Luby-Rackoff, MDC
- pseudo random number generators (PRNG): ANSI X9.17 appendix C,
PGP's RandPool
- password based key derivation functions: PBKDF1 and PBKDF2 from
PKCS #5
- Shamir's secret sharing scheme and Rabin's information
dispersal algorithm (IDA)
- DEFLATE (RFC 1951) compression/decompression with gzip (RFC
1952) and zlib (RFC 1950) format support
- fast multi-precision integer (bignum) and polynomial
operations, with SSE2 optimizations for Pentium 4 processors
- finite field arithmetics, including GF(p) and GF(2^n)
- prime number generation and verification
- various miscellaneous modules such as base 64 coding and 32-bit
CRC
- class wrappers for these operating system features (optional):
- high resolution timers on Windows, Unix, and MacOS
- Berkeley and Windows style sockets
- Windows named pipes
- /dev/random and /dev/urandom on Linux and FreeBSD
- Microsoft's CryptGenRandom on Windows
- A high level interface for most of the above, using a
filter/pipeline metaphor
- benchmarks and validation testing
- FIPS 140-2 Validated
You are welcome to use it for any purpose without paying me, but see
license.txt for the fine print.
This version of Crypto++ has been compiled successfully with MSVC 6.0 SP5
and .NET 2003 on Windows XP, GCC 2.95.4 on FreeBSD 4.6, GCC 2.95.3 on
Linux 2.4 and SunOS 5.8, GCC 3.4 on Cygwin 1.5.10, and Metrowerks
CodeWarrior 8.3 for Windows and MacOS.
*** Important Usage Notes ***
1. If a constructor for A takes a pointer to an object B (except primitive
types such as int and char), then A owns B and will delete B at A's
destruction. If a constructor for A takes a reference to an object B,
then the caller retains ownership of B and should not destroy it until
A no longer needs it.
2. Crypto++ is thread safe at the class level. This means you can use
Crypto++ safely in a multithreaded application, but you must provide
synchronization when multiple threads access a common Crypto++ object.
*** MSVC-Specific Information ***
On Windows, Crypto++ can be compiled into 3 forms: a static library
including all algorithms, a DLL with only FIPS Approved algorithms, and
a static library with only algorithms not in the DLL.
(FIPS Approved means Approved according to the FIPS 140-2 standard.)
The DLL may be used by itself, or it may be used together with the second
form of the static library. MSVC project files are included to build
all three forms, and sample applications using each of the three forms
are also included.
To compile Crypto++ with MSVC, open the "cryptest.dsw" workspace file
and build one or more of the following projects:
cryptdll - This builds the DLL. Please note that if you wish to use Crypto++
as a FIPS validated module, you must use a pre-built DLL that has undergone
the FIPS validation process instead of building your own.
dlltest - This builds a sample application that only uses the DLL.
cryptest Non-DLL-Import Configuration - This builds the full static library
along with a full test driver.
cryptest DLL-Import Configuration - This builds a static library containing
only algorithms not in the DLL, along with a full test driver that uses
both the DLL and the static library.
To use the Crypto++ DLL in your application, #include "dll.h" before including
any other Crypto++ header files, and place the DLL in the same directory as
your .exe file. dll.h includes the line #pragma comment(lib, "cryptopp")
so you don't have to explicitly list the import library in your project
settings. To use a static library form of Crypto++, specify it as
an additional library to link with in your project settings.
In either case you should check the compiler options to
make sure that the library and your application are using the same C++
run-time libraries and calling conventions.
*** DLL Memory Management ***
Because it's possible for the Crypto++ DLL to delete objects allocated
by the calling application, they must use the same C++ memory heap. Three
methods are provided to achieve this.
1. The calling application can tell Crypto++ what heap to use. This method
is required when the calling application uses a non-standard heap.
2. Crypto++ can tell the calling application what heap to use. This method
is required when the calling application uses a statically linked C++ Run
Time Library. (Method 1 does not work in this case because the Crypto++ DLL
is initialized before the calling application's heap is initialized.)
3. Crypto++ can automatically use the heap provided by the calling application's
dynamically linked C++ Run Time Library. The calling application must
make sure that the dynamically linked C++ Run Time Library is initialized
before Crypto++ is loaded. (At this time it is not clear if it is possible
to control the order in which DLLs are initialized on Windows 9x machines,
so it might be best to avoid using this method.)
When Crypto++ attaches to a new process, it searches all modules loaded
into the process space for exported functions "GetNewAndDeleteForCryptoPP"
and "SetNewAndDeleteFromCryptoPP". If one of these functions is found,
Crypto++ uses methods 1 or 2, respectively, by calling the function.
Otherwise, method 3 is used.
*** GCC-Specific Information ***
A makefile is included for you to compile Crypto++ with GCC. Make sure
you are using GNU Make and GNU ld. The make process will produce two files,
libcryptopp.a and cryptest.exe. Run "cryptest.exe v" for the validation
suite.
*** Documentation and Support ***
Crypto++ is documented through inline comments in header files, which are
processed through Doxygen to produce an HTML reference manual. You can find
a link to the manual from http://www.cryptopp.com. Also at that site is
the Crypto++ FAQ, which you should browse through before attempting to
use this library, because it will likely answer many of questions that
may come up.
If you run into any problems, please try the Crypto++ mailing list.
The subscription information and the list archive are available on
http://www.cryptopp.com. You can also email me directly at
cryptopp@weidai.com, but you will probably get a faster response through
the mailing list.
*** History ***
1.0 - First public release. Withdrawn at the request of RSA DSI.
- included Blowfish, BBS, DES, DH, Diamond, DSA, ElGamal, IDEA,
MD5, RC4, RC5, RSA, SHA, WAKE, secret sharing, DEFLATE compression
- had a serious bug in the RSA key generation code.
1