Crypto++ Library 8.2 | Free C++ Class Library of Cryptographic Schemes

Crypto++ Library is a free C++ class library of cryptographic schemes. The library contains the following algorithms:

  • authenticated encryption schemes: GCM, CCM, EAX, ChaCha20Poly1305, XChaCha20Poly1305
  • high speed stream ciphers: ChaCha (8/12/20), ChaCha (IETF), HC (128/256), Panama, Rabbit (128/256), Sosemanuk, Salsa20 (8/12/20), XChaCha (8/12/20), XSalsa20
  • AES and AES candidates: AES (Rijndael), RC6, MARS, Twofish, Serpent, CAST-256
  • other block ciphers: ARIA, Blowfish, Camellia, CHAM, HIGHT, IDEA, Kalyna (128/256/512), LEA, SEED, RC5, SHACAL-2, SIMECK, SIMON (64/128), Skipjack, SPECK (64/128), Simeck, SM4, Threefish (256/512/1024), Triple-DES (DES-EDE2 and DES-EDE3), TEA, XTEA
  • block cipher modes of operation: ECB, CBC, CBC ciphertext stealing (CTS), CFB, OFB, counter mode (CTR), XTS
  • message authentication codes: BLAKE2b, BLAKE2s, CMAC, CBC-MAC, DMAC, GMAC (GCM), HMAC, Poly1305, SipHash, Two-Track-MAC, VMAC
  • hash functions: BLAKE2b, BLAKE2s, Keccak (F1600), SHA-1, SHA-2, SHA-3, SHAKE (128/256), SipHash, Tiger, RIPEMD (128/160/256/320), SM3, WHIRLPOOL
  • public-key cryptography: RSA, DSA, Deterministic DSA (RFC 6979), ElGamal, Nyberg-Rueppel (NR), Rabin-Williams (RW), EC-based German Digital Signature (ECGDSA), LUC, LUCELG, DLIES (variants of DHAES), ESIGN
  • padding schemes for public-key systems: PKCS#1 v2.0, OAEP, PSS, PSSR, IEEE P1363 EMSA2 and EMSA5
  • key agreement schemes: Diffie-Hellman (DH), Unified Diffie-Hellman (DH2), Menezes-Qu-Vanstone (MQV), Hashed MQV (HMQV), Fully Hashed MQV (FHMQV), LUCDIF, XTR-DH
  • elliptic curve cryptography: ECDSA, Deterministic ECDSA (RFC 6979), ed25519, ECGDSA, ECNR, ECIES, x25519, ECDH, ECMQV
  • insecure or obsolescent algorithms retained for backwards compatibility and historical value: MD2, MD4, MD5, Panama Hash, DES, ARC4, SEAL 3.0, WAKE-OFB, DESX (DES-XEX3), RC2, SAFER, 3-WAY, GOST, SHARK, CAST-128, Square

Other features include:

  • pseudo random number generators (PRNG): ANSI X9.17 appendix C, RandomPool, VIA Padlock, DARN, RDRAND, RDSEED, NIST Hash and HMAC DRBGs
  • password based key derivation functions: PBKDF1 and PBKDF2 from PKCS #5, PBKDF from PKCS #12 appendix B, HKDF from RFC 5869, Scrypt from RFC 7914
  • Shamir’s secret sharing scheme and Rabin’s information dispersal algorithm (IDA)
  • fast multi-precision integer (bignum) and polynomial operations
  • finite field arithmetic, including GF(p) and GF(2^n)
  • prime number generation and verification
  • useful non-cryptographic algorithms
    • DEFLATE (RFC 1951) compression/decompression with gzip (RFC 1952) and zlib (RFC 1950) format support
    • Hex, base-32, base-64, URL safe base-64 encoding and decoding
    • 32-bit CRC, CRC-C and Adler32 checksum
  • class wrappers for these operating system features (optional):
    • high resolution timers on Windows, Unix, and Mac OS
    • /dev/random, /dev/urandom, /dev/srandom
    • Microsoft’s CryptGenRandom and BCryptGenRandom on Windows
  • x86, x64 (x86-64), x32 (ILP32), ARM A-32, Aarch32, Aarch64, POWER4 and POWER8 code for the commonly used algorithms
    • run-time CPU feature detection and code selection
    • supports GCC-style and MSVC-style inline assembly, and MASM for x64
    • x86, x64 (x86-64), x32 provides SSE2, SSE4 and AVX implementations
    • ARM A-32, Aarch32 and Aarch64 provides ARMv7, NEON, ASIMD and ARMv8 implementations
    • PowerPC provides POWER4, POWER7 and POWER8 implementations
    • AES, CRC, GCM and SHA use ARM, Intel and PowerPC hardware acceleration when available
  • A high level interface for most of the above, using a filter/pipeline metaphor
  • benchmarks and validation testing

Crypto++ Library is copyrighted as a compilation and (as of version 5.6.2) licensed under the Boost Software License 1.0, while the individual files in the compilation are all public domain.

The current version of Crypto++ supports the following compilers:

  • Visual Studio 2003 – 2019
  • GCC 3.3 – 10.1
  • Apple Clang 4.3 – 9.0
  • LLVM Clang 2.9 – 10.0
  • C++ Builder 2015
  • Intel C++ Compiler 9 – 16.0
  • Sun Studio 12u1 – 12.6
  • IBM XL C/C++ 10.0 – 13.1

For detailed build status and notes on various compiler/OS/CPU combinations as well as information about compiling earlier versions of Crypto++, please see this wiki entry.

The following is a short list of recent releases and other news. For the complete list please see History.txt.

  • minor release, no recompile of programs required
  • expanded community input and support
    • 56 unique contributors as of this release
  • use PowerPC unaligned loads and stores with Power8
  • add SKIPJACK test vectors
  • fix SHAKE-128 and SHAKE-256 compile
  • removed IS_NEON from Makefile
  • fix Aarch64 build on Fedora 29
  • fix missing GF2NT_233_Multiply_Reduce_CLMUL in FIPS DLL
  • add missing BLAKE2 constructors
  • fix missing BlockSize() in BLAKE2 classes

  • minor release, no recompile of programs required
  • expanded community input and support
    • 56 unique contributors as of this release
  • fix OS X PowerPC builds with Clang
  • add Microsoft ARM64 support
  • fix iPhone Simulator build due to missing symbols
  • add CRYPTOPP_BUGGY_SIMD_LOAD_AND_STORE
  • add carryless multiplies for NIST b233 and k233 curves
  • fix OpenMP build due to use of OpenMP 4 with down-level compilers
  • add SignStream and VerifyStream for ed25519 and large files
  • fix missing AlgorithmProvider in PanamaHash
  • add SHAKE-128 and SHAKE-256
  • fix AVX2 build due to _mm256_broadcastsi128_si256
  • add IETF ChaCha, XChaCha, ChaChaPoly1305 and XChaChaPoly1305

  • major release, recompile of programs required
  • expanded community input and support
    • 54 unique contributors as of this release
  • add x25519 key exchange and ed25519 signature scheme
  • add limited Asymmetric Key Package support from RFC 5958
  • add Power9 DARN random number generator support
  • add CHAM, HC-128, HC-256, Hight, LEA, Rabbit, Simeck
  • fix FixedSizeAllocatorWithCleanup may be unaligned on some platforms
  • cutover to GNU Make-based cpu feature tests
  • rename files with dashes to underscores
  • fix LegacyDecryptor and LegacyDecryptorWithMAC use wrong MAC
  • fix incorrect AES/CBC decryption on Windows
  • avoid Singleton when possible, avoid std::call_once completely
  • fix SPARC alignment problems due to GetAlignmentOf() on word64
  • add ARM AES asm implementation from Cryptogams
  • remove CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS support

  • major release, recompile of programs required
  • expanded community input and support
    • 48 unique contributors as of this release
  • fix incorrect result when using Integer::InverseMod
    • may be CVE worthy, but request was not submitted
  • fix ARIA/CTR bus error on Sparc64
  • fix incorrect result when using a_exp_b_mod_c
  • fix undeclared identifier uint32_t on early Visual Studio
  • fix iPhoneSimulator build on i386
  • fix incorrect adler32 in ZlibDecompressor
  • fix Power7 test using PPC_FEATURE_ARCH_2_06
  • workaround incorrect Glibc sysconf return value on ppc64-le
  • add KeyDerivationFunction interface
  • add scrypt key derivation function
  • add Salsa20_Core transform callable from outside class
  • add sbyte, sword16, sword32 and sword64
  • remove s_nullNameValuePairs from unnamed namespace
  • ported to MSVC 2017, Xcode 9.3, Sun Studio 12.5, GCC 8.0.1, MacPorts GCC 7.0, Clang 5.0, Intel C++ 17.00, IBM XL C/C++ 13.1

  • minor release, maintenance items
  • expanded community input and support
    • 46 unique contributors as of this release
  • use 2048-bit modulus default for DSA
  • fix build under Linuxbrew
  • use /bin/sh in GNUmakefile
  • fix missing flags for SIMON and SPECK in GNUMakefile-cross
  • fix ARM and MinGW misdetection
  • port setenv-android.sh to latest NDK
  • fix Clang check for C++11 lambdas
  • convert Simon and Speck to little-endian implementation
  • use LIB_MAJOR for ABI compatibility
  • fix ODR violation in AdvancedProcessBlocks_{ARCH} templates
  • handle C++17 std::uncaught_exceptions
  • ported to MSVC 2017, Xcode 8.1, Sun Studio 12.5, GCC 8.0.1, MacPorts GCC 7.0, Clang 4.0, Intel C++ 17.00, IBM XL C/C++ 13.1

  • Major release, recompile of programs required
  • expanded community input and support
    • 43 unique contributors as of this release
  • fixed CVE-2016-9939 (Issue 346, transient DoS)
  • fixed CVE-2017-9434 (Issue 414, misidentified memory error)
  • converted to BASE+SIMD implementation
    • BASE provides an architecture neutral C++ implementation
    • SIMD provides architecture specific hardware acceleration
  • improved PowerPC Altivec, POWER7 and POWER8 support
  • added ARIA, EC German DSA, Deterministic signatures (RFC 6979), Kalyna, NIST Hash and HMAC DRBG, Padlock RNG, Poly1305, SipHash, Simon, Speck, SM3, SM4, Threefish algorithms
  • added NaCl interface from the compact library
    • x25519 key exchange and ed25519 signing provided through NaCl interface
  • improved Testing and QA
  • ported to MSVC 2017, Xcode 8.1, Sun Studio 12.5, GCC 7.0, MacPorts GCC 7.0, Clang 4.0, Intel C++ 17.00, IBM XL C/C++ 13.1

The downloads for the most recent Crypto++ libraries from the last several years are below. If you need older downloads, from Crypto++ 5.5 to Crypto++ 2.3, then visit the Downloads page. The Downloads page provides checksums for all releases hosted on the website. Release signatures can be verified using GnuPG according to Release Signing.

Remember to use the “-a” auto-convert text files option when unzipping on a Unix machine. After downloading, please read the Readme.txt included in the zip archive for build instructions and other important notes.

While You Are Downloading

Crypto++ is listed on the CMVP’s Historical Validation List. It effectively means the library is no longer validated. If you are interested in sponsoring a validation, then please send a message to the mailing list to start an offline conversation.

There are two mailing lists for Crypto++. The first is cryptopp-announce@googlegroups.com, and the second is cryptopp-users@googlegroups.com.

As a courtesy, please join the discussion list with your real name instead of an online handle. Alternate web views for the lists are available at Crypto++ Announce – Google Groups and Crypto++ Users – Google Groups.

When posting a question to the Crypto++ user mailing list, please provide the following information, if applicable:

  • exact error message
  • stack trace (please copy from the call stack window of your debugger, or use the “bt” command in gdb)
  • a minimal program with a main() function, that reproduces the problem
  • version of Crypto++, operating system (output of “uname -a” command if using Unix), and compiler (output of “gcc -v” if using GCC)

Crypto++ attempts to resist side channel attacks using various remediations. We believe the library is hardened, but the remediations may be incomplete. The first line of defense uses hardware instructions when possible. The library also uses cache-aware algorithms and access patterns to minimize leakage. If you suspect or find an information leak, then please report it.

Crypto++ does not engage Spectre remediations at this time. The GCC options for Spectre are -mfunction-return=thunk and -mindirect-branch=thunk. If you want the Spectre workarounds, then add the GCC options to your CXXFLAGS when building the library. The library's tests use the options and they should work as expected.

The source code and its planned changes are available at the following locations.

  • The Crypto++ GitHub repository allows you to view the latest (unreleased) Crypto++ source code via the Linux kernel’s git beginning around June 2015. It also serves as an incubator to nurture and grow the library.
  • The Roadmap on the wiki provides the general direction the library is heading. It includes planned features and releases, and even some wishlist items.

Contributions of all types are welcomed. Contributions include the following.

  • Bug finding and fixes
  • Features and enhancements
  • Test scripts and test cases
  • Branch and release testing
  • Documentation and updates

If you think you have found a bug in the library, then you should discuss it on the Users mailing list. Discussing it will help bring the issue to the attention of folks who can help resolve the issue. If you want to contribute a bug fix to the library, then make a Pull Request or make a Diff available somewhere. Also see Bug Reports on the wiki.

Features and enhancements are welcomed additions to the library. This category tends to be time consuming because algorithms and their test cases need to be reviewed and merged. Please be mindful of the test cases, and attempt to procure them from an independent source.

The library cherishes test scripts and test cases. They ensure the library is fit and they help uncover issues with the library before users experience them. If you have some time, then write some test cases, especially the ones that are intended to break things.

Branch and release testing is your chance to ensure Master (and planned merges) meets your expectations and performs as expected. If you have a few spare cycles, then please test Master on your favorite platform. We need more testing on MinGW, Windows Phone, Windows Store, Solaris 10 (and below), and modern iOS and OS X (including TV and Watch builds).

Documentation and updates includes both the inline source code annotations using Doxygen, and the online information provided in the wiki. The wiki is more verbose and usually provides more contextual information than the API reference. Besides testing, documentation is one of the highest returns on investment.

If you are interested in paid support for Crypto++ or consulting on a Crypto++ related project, then please see this list of companies and individuals providing services on the wiki. This listing is a free service for the Crypto++ community, and anyone may sign up to be listed by creating an account on the wiki.

Originally written by Wei Dai   Currently maintained by the Crypto++ community
