mirror of
https://github.com/shadps4-emu/ext-cryptopp.git
synced 2024-11-30 05:10:40 +00:00
27cbfe03d6
Trim History section in Readme.txt to most recent items Signed-off-by: Jeffrey Walton <noloader@gmail.com>
358 lines
18 KiB
Plaintext
358 lines
18 KiB
Plaintext
Crypto++: free C++ Class Library of Cryptographic Schemes
|
|
Version 6.0 - JAN/22/2018
|
|
|
|
Crypto++ Library is a free C++ class library of cryptographic schemes.
|
|
Currently the library contains the following algorithms:
|
|
|
|
algorithm type name
|
|
|
|
authenticated encryption schemes GCM, CCM, EAX
|
|
|
|
high speed stream ciphers ChaCha (ChaCha8/12/20), Panama, Sosemanuk,
|
|
Salsa20, XSalsa20
|
|
|
|
AES and AES candidates AES (Rijndael), RC6, MARS, Twofish, Serpent,
|
|
CAST-256
|
|
|
|
ARIA, IDEA, Blowfish, Triple-DES (DES-EDE2 and
|
|
DES-EDE3), Camellia, SEED, Kalyna(128/256/512),
|
|
other block ciphers RC5, SIMON-64, SIMON-128, SPECK-64, SPECK-128,
|
|
Skipjack, SHACAL-2, SM4, Threefish(256/512/1024),
|
|
TEA, XTEA
|
|
|
|
block cipher modes of operation ECB, CBC, CBC ciphertext stealing (CTS),
|
|
CFB, OFB, counter mode (CTR)
|
|
|
|
message authentication codes BLAKE2s, BLAKE2b, CMAC, CBC-MAC, DMAC, GMAC, HMAC,
|
|
Poly1305, SipHash, Two-Track-MAC, VMAC,
|
|
|
|
BLAKE2s, BLAKE2b, Keccack (F1600), SHA-1,
|
|
hash functions SHA-2(224/256/384/512), SHA-3(224/256/384/512),
|
|
SipHash, SM3, Tiger, RIPEMD-128, RIPEMD-160,
|
|
RIPEMD-256, RIPEMD-320, WHIRLPOOL
|
|
|
|
RSA, DSA, Determinsitic DSA, ElGamal,
|
|
public-key cryptography Nyberg-Rueppel (NR), Rabin-Williams (RW), LUC,
|
|
LUCELG, EC-based German Digital Signature (ECGDSA),
|
|
DLIES (variants of DHAES), ESIGN
|
|
|
|
padding schemes for public-key PKCS#1 v2.0, OAEP, PSS, PSSR, IEEE P1363
|
|
systems EMSA2 and EMSA5
|
|
|
|
Diffie-Hellman (DH), Unified Diffie-Hellman
|
|
key agreement schemes (DH2), Menezes-Qu-Vanstone (MQV), Hashed MQV (HMQV),
|
|
Fully Hashed MQV (FHMQV), LUCDIF, XTR-DH
|
|
|
|
elliptic curve cryptography ECDSA, Determinsitic ECDSA, ECNR, ECIES, ECDH, ECMQV
|
|
|
|
insecure or obsolescent MD2, MD4, MD5, Panama Hash, DES, ARC4, SEAL
|
|
algorithms retained for backwards 3.0, WAKE-OFB, DESX (DES-XEX3), RC2,
|
|
compatibility and historical SAFER, 3-WAY, GOST, SHARK, CAST-128, Square
|
|
value
|
|
|
|
Other features include:
|
|
|
|
* pseudo random number generators (PRNG): ANSI X9.17 appendix C, RandomPool,
|
|
VIA Padlock, RDRAND, RDSEED, NIST Hash and HMAC DRBGs
|
|
* password based key derivation functions: PBKDF1 and PBKDF2 from PKCS #5,
|
|
PBKDF from PKCS #12 appendix B, HKDF from RFC 5869
|
|
* Shamir's secret sharing scheme and Rabin's information dispersal algorithm
|
|
(IDA)
|
|
* fast multi-precision integer (bignum) and polynomial operations
|
|
* finite field arithmetics, including GF(p) and GF(2^n)
|
|
* prime number generation and verification
|
|
* useful non-cryptographic algorithms
|
|
+ DEFLATE (RFC 1951) compression/decompression with gzip (RFC 1952) and
|
|
zlib (RFC 1950) format support
|
|
+ Hex, base-32, base-64, URL safe base-64 encoding and decoding
|
|
+ 32-bit CRC, CRC-C and Adler32 checksum
|
|
* class wrappers for these platform and operating system features (optional):
|
|
+ high resolution timers on Windows, Unix, and Mac OS
|
|
+ Berkeley and Windows style sockets
|
|
+ Windows named pipes
|
|
+ /dev/random, /dev/urandom, /dev/srandom
|
|
+ Microsoft's CryptGenRandom or BCryptGenRandom on Windows
|
|
* A high level interface for most of the above, using a filter/pipeline
|
|
metaphor
|
|
* benchmarks and validation testing
|
|
* x86, x64 (x86-64), x32 (ILP32), ARM-32, Aarch32, Aarch64 and Power8 in-core code
|
|
for the commonly used algorithms
|
|
+ run-time CPU feature detection and code selection
|
|
+ supports GCC-style and MSVC-style inline assembly, and MASM for x64
|
|
+ x86, x64 (x86-64), x32 provides MMX, SSE2, and SSE4 implementations
|
|
+ ARM-32, Aarch32 and Aarch64 provides NEON, ASIMD and ARMv8 implementations
|
|
+ Power8 provides in-core AES using NX Crypto Acceleration
|
|
|
|
The Crypto++ library was orginally written by Wei Dai. The library is now
|
|
maintained by several team members and the community. You are welcome to use it
|
|
for any purpose without paying anyone, but see License.txt for the fine print.
|
|
|
|
The following compilers are supported for this release. Please visit
|
|
http://www.cryptopp.com the most up to date build instructions and porting notes.
|
|
|
|
* Visual Studio 2003 - 2017
|
|
* GCC 3.3 - 7.2
|
|
* Apple Clang 4.3 - 8.3
|
|
* LLVM Clang 2.9 - 4.0
|
|
* C++Builder 2010
|
|
* Intel C++ Compiler 9 - 16.0
|
|
* Sun Studio 12u1 - 12.5
|
|
* IBM XL C/C++ 10.0 - 13.1
|
|
|
|
*** Important Usage Notes ***
|
|
|
|
1. If a constructor for A takes a pointer to an object B (except primitive
|
|
types such as int and char), then A owns B and will delete B at A's
|
|
destruction. If a constructor for A takes a reference to an object B,
|
|
then the caller retains ownership of B and should not destroy it until
|
|
A no longer needs it.
|
|
|
|
2. Crypto++ is thread safe at the class level. This means you can use
|
|
Crypto++ safely in a multithreaded application, but you must provide
|
|
synchronization when multiple threads access a common Crypto++ object.
|
|
|
|
*** MSVC-Specific Information ***
|
|
|
|
To compile Crypto++ with MSVC, open "cryptest.sln" (for MSVC 2003 - 2015)
|
|
and build one or more of the following projects:
|
|
|
|
cryptest Non-DLL-Import Configuration - This builds the full static library
|
|
along with a full test driver.
|
|
cryptest DLL-Import Configuration - This builds a static library containing
|
|
only algorithms not in the DLL, along with a full test driver that uses
|
|
both the DLL and the static library.
|
|
cryptdll - This builds the DLL. Please note that if you wish to use Crypto++
|
|
as a FIPS validated module, you must use a pre-built DLL that has undergone
|
|
the FIPS validation process instead of building your own.
|
|
dlltest - This builds a sample application that only uses the DLL.
|
|
|
|
The DLL used to provide FIPS validated cryptography. The library was moved
|
|
to the CMVP's <A HREF=
|
|
"http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-historical.htm">
|
|
Historical Validation List</A>. The library and the DLL are no longer considered
|
|
validated. You should no longer use the DLL.
|
|
|
|
To use the Crypto++ DLL in your application, #include "dll.h" before including
|
|
any other Crypto++ header files, and place the DLL in the same directory as
|
|
your .exe file. dll.h includes the line #pragma comment(lib, "cryptopp")
|
|
so you don't have to explicitly list the import library in your project
|
|
settings. To use a static library form of Crypto++, make the "cryptlib"
|
|
project a dependency of your application project, or specify it as
|
|
an additional library to link with in your project settings.
|
|
In either case you should check the compiler options to
|
|
make sure that the library and your application are using the same C++
|
|
run-time libraries and calling conventions.
|
|
|
|
*** DLL Memory Management ***
|
|
|
|
Because it's possible for the Crypto++ DLL to delete objects allocated
|
|
by the calling application, they must use the same C++ memory heap. Three
|
|
methods are provided to achieve this.
|
|
1. The calling application can tell Crypto++ what heap to use. This method
|
|
is required when the calling application uses a non-standard heap.
|
|
2. Crypto++ can tell the calling application what heap to use. This method
|
|
is required when the calling application uses a statically linked C++ Run
|
|
Time Library. (Method 1 does not work in this case because the Crypto++ DLL
|
|
is initialized before the calling application's heap is initialized.)
|
|
3. Crypto++ can automatically use the heap provided by the calling application's
|
|
dynamically linked C++ Run Time Library. The calling application must
|
|
make sure that the dynamically linked C++ Run Time Library is initialized
|
|
before Crypto++ is loaded. (At this time it is not clear if it is possible
|
|
to control the order in which DLLs are initialized on Windows 9x machines,
|
|
so it might be best to avoid using this method.)
|
|
|
|
When Crypto++ attaches to a new process, it searches all modules loaded
|
|
into the process space for exported functions "GetNewAndDeleteForCryptoPP"
|
|
and "SetNewAndDeleteFromCryptoPP". If one of these functions is found,
|
|
Crypto++ uses methods 1 or 2, respectively, by calling the function.
|
|
Otherwise, method 3 is used.
|
|
|
|
*** Linux and Unix-like Specific Information ***
|
|
|
|
A makefile is included for you to compile Crypto++ with GCC and compatibles.
|
|
Make sure you are using GNU Make and GNU ld. The make process will produce
|
|
two files, libcryptopp.a and cryptest.exe. Run "cryptest.exe v" for the
|
|
validation suite and "cryptest.exe tv all" for additional test vectors.
|
|
|
|
The makefile uses '-DNDEBUG -g2 -O2' CXXFLAGS by default. If you use an
|
|
alternate build system, like Autotools or CMake, then ensure the build system
|
|
includes '-DNDEBUG' for production or release builds. The Crypto++ library uses
|
|
asserts for debugging and diagnostics during development; it does not
|
|
rely on them to crash a program at runtime.
|
|
|
|
If an assert triggers in production software, then unprotected sensitive
|
|
information could be egressed from the program to the filesystem or the
|
|
platform's error reporting program, like Apport on Ubuntu or CrashReporter
|
|
on Apple.
|
|
|
|
The makefile orders object files to help remediate problems associated with
|
|
C++ static initialization order. The library does not use custom linker scripts.
|
|
If you use an alternate build system, like Autotools or CMake, and collect source
|
|
files into a list, then ensure these three are at the head of the list: 'cryptlib.cpp
|
|
cpu.cpp integer.cpp <other sources>'. They should be linked in the same order:
|
|
'cryptlib.o cpu.o integer.o <other objects>'.
|
|
|
|
If your linker supports initialization attributes, like init_priority, then you can
|
|
define CRYPTOPP_INIT_PRIORITY to control object initialization order. Set it to a
|
|
value like 250. User programs can use CRYPTOPP_USER_PRIORITY to avoid conflicts with
|
|
library values. Initialization attributes are more reliable than object file ordering,
|
|
but its not ubiquitously supported by linkers.
|
|
|
|
The makefile links to the static version of the Crypto++ library to avoid binary
|
|
planting and other LD_PRELOAD tricks. You should use the static version of the
|
|
library in your programs to help avoid unwanted redirections.
|
|
|
|
*** Side Channel Attacks ***
|
|
|
|
Crypto++ attempts to resist side channel attacks using various remediations. We
|
|
believe the library is hardened but the remdiations may be incomplete. The first
|
|
line of defense uses hardware instructions when possible. The library also uses
|
|
cache-aware algoirthms and access patterns to minimize leakage. If you suspect
|
|
or find an information leak then please report it.
|
|
|
|
*** Documentation and Support ***
|
|
|
|
Crypto++ is documented through inline comments in header files, which are
|
|
processed through Doxygen to produce an HTML reference manual. You can find
|
|
a link to the manual from http://www.cryptopp.com. Also at that site is
|
|
the Crypto++ FAQ, which you should browse through before attempting to
|
|
use this library, because it will likely answer many of questions that
|
|
may come up. Finally, the site provide the wiki which has many topics
|
|
and code examples.
|
|
|
|
If you run into any problems, please try the Crypto++ mailing list.
|
|
The subscription information and the list archive are available on
|
|
http://www.cryptopp.com.
|
|
|
|
*** Source Code and Contributing ***
|
|
|
|
The source code and its planned changes are available at the following locations.
|
|
|
|
* The Crypto++ GitHub repository allows you to view the latest (unreleased)
|
|
Crypto++ source code via the Linux kernel's git beginning around June 2015.
|
|
Its also serves as an incubator to nuture and grow the library.
|
|
* The former Crypto++ SourceForge repository allows you to view the Crypto++
|
|
source code via Apache's subversion until about July 2015. At that time,
|
|
SourceForge had infrastructure problems and a cutover to GutHub was performed.
|
|
* The Roadmap on the wiki provides the general direction the library is heading.
|
|
It includes planned features and releases, and even some wishlist items.
|
|
|
|
Contributions of all types are welcomed. Contributions include the following.
|
|
|
|
* Bug finding and fixes
|
|
* Features and enhancements
|
|
* Test scripts and test cases
|
|
* Branch and release testing
|
|
* Documentation and updates
|
|
|
|
If you think you have found a bug in the library, then you should discuss it on the
|
|
Users mailing list. Discussing it will help bring the issue to the attention of folks
|
|
who can help resolve the issue. If you want to contribute a bug fix to the library,
|
|
then make a Pull Request or make a Diff available somewhere. Also see Bug Reports on
|
|
the wiki.
|
|
|
|
Features and enhancements are welcomend additions to the library. This category tends
|
|
to be time consuming because algorithms and their test cases need to be reviewed and
|
|
merged. Please be mindful of the test cases, and attempt to procure them from an
|
|
independent source.
|
|
|
|
The library cherishes test scripts and test cases. They ensure the library is fit and
|
|
they help uncover issues with the library before users experience them. If you have
|
|
some time, then write some test cases, especially the ones that are intended to break
|
|
things.
|
|
|
|
Branch and release testing is your chance to ensure Master (and planned merges) meets
|
|
your expectations and perform as expected. If you have a few spare cycles, then please
|
|
test Master on your favorite platform. We need more testing on MinGW, Windows Phone,
|
|
Windows Store, Solaris 10 (and below), and modern iOS and OS X (including TV and
|
|
Watch builds).
|
|
|
|
Documentation and updates includes both the inline source code annotations using
|
|
Doxygen, and the online information provided in the wiki. The wiki is more verbose and
|
|
usually provides more contextual information than the API reference. Besides testing,
|
|
documentation is one of the highest returns on investment.
|
|
|
|
*** History ***
|
|
|
|
The items in this section comprise the most recent history. Please see History.txt
|
|
for the record back to Crypto++ 1.0.
|
|
|
|
5.6.4 - maintenance release, honored API/ABI/Versioning requirements
|
|
- expanded community input and support
|
|
* 22 unique contributors for this release
|
|
- fixed CVE-2016-3995
|
|
- changed SHA3 to FIPS 202 (F1600, XOF d=0x06)
|
|
- added Keccak (F1600, XOF d=0x01)
|
|
- added ChaCha (ChaCha8/12/20)
|
|
- added HMQV and FHMQV
|
|
* Hashed and Fully Hashed MQV
|
|
- added BLAKE2 (BLAKE2s and BLAKE2b)
|
|
* C++, SSE2, SSE4, ARM NEON and ARMv8 ASIMD
|
|
- added CRC32-C
|
|
* C/C++, Amd64 CRC, and ARMv8 CRC
|
|
- improved Rabin-William signatures
|
|
* Tweaked roots <em>e</em> and <em>f</em>
|
|
- improved C++11 support
|
|
* atomics, threads and fences
|
|
* alginof, alignas
|
|
* constexpr
|
|
* noexcept
|
|
- improved GCM mode
|
|
* ARM NEON and ARMv8 ASIMD
|
|
* ARMv8 carry-less multiply
|
|
- improved Windows 8 and 10 support
|
|
* Windows Phone, Universal Windows Platform, Windows Store
|
|
- improved MIPS, ARMv7 and ARMv8 support
|
|
* added scripts setenv-{android|embedded|ios}.sh for GNUmakefile-cross
|
|
* aggressive use of -march=<arch> and -mfpu=<fpu> in cryptest.sh
|
|
- improved build systems
|
|
* Visual Studio 2010 default
|
|
* added CMake support (lacks FindCryptopp.cmake)
|
|
* archived VC++ 5/0/6.0 project files (vc60.zip)
|
|
* archived VS2005 project files (vs2005.zip)
|
|
* archived Borland project files (bds10.zip)
|
|
- improved Testing and QA
|
|
* expanded platforms and compilers
|
|
* added code generation tests based on CPU features
|
|
* added C++03, C++11, C++14, C++17 testing
|
|
* added -O3, -O5, -Ofast and -Os testing
|
|
- ported to MSVC 2015 SP3, Xcode 9.0, Sun Studio 12.5, GCC 7.0,
|
|
MacPorts GCC 7.0, Clang 3.8, Intel C++ 17.00
|
|
|
|
5.6.5 - maintenance release, recompile of programs recommended
|
|
- expanded community input and support
|
|
* 25 unique contributors as of this release
|
|
- fixed CVE-2016-7420 (Issue 277, document NDEBUG for production/release)
|
|
- fixed CVE-2016-7544 (Issue 302, avoid _malloca and _freea)
|
|
- shipped library in recommended state
|
|
* backwards compatibility achieved with <config.compat>
|
|
- Visual Studio project file cleanup
|
|
* improved X86 and X64 MSBuild support
|
|
* added ARM-based MSBuild awareness
|
|
- improved Testing and QA
|
|
* expanded platforms and compilers
|
|
* expanded Coverity into OS X and Windows platforms
|
|
* added Windows test scripts using Strawberry Perl
|
|
- ported to MSVC 2015 SP3, Xcode 7.3, Sun Studio 12.5, GCC 7.0,
|
|
MacPorts GCC 7.0, Clang 3.8, Intel C++ 17.00
|
|
|
|
6.0.0 - Major release, recompile of programs required
|
|
- expanded community input and support
|
|
* 43 unique contributors as of this release
|
|
- fixed CVE-2016-9939 (Issue 346, transient DoS)
|
|
- fixed CVE-2017-9434 (Issue 414, misidentified memory error)
|
|
- converted to BASE+SIMD implementation
|
|
* BASE provides an architecture neutral C++ implementation
|
|
* SIMD provides architecture specific hardware acceleration
|
|
- improved PowerPC Power4, Power7 and Power8 support
|
|
- added ARIA, EC German DSA, Deterministic signatures (RFC 6979),
|
|
Kalyna, NIST Hash and HMAC DRBG, Padlock RNG, Poly1305, SipHash,
|
|
Simon, Speck, SM3, SM4, Threefish algorithms
|
|
- added NaCl interface from the compact library
|
|
* x25519 key exhange and ed25519 signing provided through NaCl interface
|
|
- improved Testing and QA
|
|
- ported to MSVC 2017, Xcode 8.1, Sun Studio 12.5, GCC 7.0,
|
|
MacPorts GCC 7.0, Clang 4.0, Intel C++ 17.00, IBM XL C/C++ 13.1
|
|
|
|
Written by Wei Dai and the Crypto++ Project
|