LibTomCrypt is a fairly comprehensive, modular and portable cryptographic toolkit that provides developers with a vast array of well-known published block ciphers, one-way hash functions, chaining modes, pseudo-random number generators, public key cryptography and a plethora of other routines.

LibTomCrypt has been designed from the ground up to be very simple to use. It has a modular and standard API that allows new ciphers, hashes and PRNGs to be added or removed without change to the overall end application. It features easy-to-use functions and a complete user manual which has many source snippet examples.

LibTomCrypt is free for all purposes under the public domain. This includes commercial use, redistribution and even branching.

Supports the following:

  • Public domain and open source.
  • Written entirely in portable ISO C source (except for things like RNGs for natural reasons)
  • Builds out of the box on virtually every box. All that is required is GCC for the source to build.
  • Includes a 180+ page user manual in PDF format (with working examples in it)
  • Block Ciphers
    • Ciphers come with an ECB encrypt/decrypt, setkey and self-test interfaces.
    • All ciphers have the same prototype which facilitates using multiple ciphers at runtime.
    • Some of the ciphers are flexible in terms of code size and memory usage.
    • Ciphers supported.
      • Blowfish
      • XTEA
      • RC5
      • RC6
      • SAFER+
      • Rijndael (aka AES)
      • Twofish
      • SAFER (K64, SK64, K128, SK128)
      • RC2
      • DES, 3DES
      • CAST5
      • Noekeon
      • Skipjack
      • Anubis (with optional tweak as proposed by the developers)
      • Khazad
      • KASUMI
      • SEED
  • Chaining Modes
    • Modes come with a start, encrypt/decrypt and set/get IV interfaces.
    • Modes supported.
      • ECB
      • CBC
      • OFB
      • CFB
      • CTR
      • IEEE LRW mode
      • F8 Chaining Mode
  • One-Way Hash Functions
    • Hashes come with init, process, done and self-test interfaces.
    • All hashes use the same prototypes for the interfaces.
    • Hashes supported.
      • MD2
      • MD4
      • MD5
      • SHA-1
      • SHA-224/256/384/512
      • TIGER-192
      • RIPE-MD 128/160/256/320
      • WHIRLPOOL
  • Message Authentication
    • FIPS-198 HMAC (supports all hashes)
    • CMAC, also known as OMAC1 (supports all ciphers)
    • PMAC Authentication
    • F9-MAC
    • Pelican MAC
  • Message Encrypt+Authenticate Modes
    • EAX Mode
    • OCB Mode
    • CCM Mode (NIST spec)
    • GCM Mode (IEEE spec)
  • Pseudo-Random Number Generators
    • Yarrow-based algorithm
    • RC4
    • Support for /dev/random, /dev/urandom and the Win32 CSP RNG
    • Fortuna
    • SOBER-128
  • Public Key Algorithms
    • RSA (using PKCS #1 v1.5 and v2.1)
    • ECC (EC-DSA X9.62 signatures, X9.63 EC-DH)
      • With fast Fixed Point ECC support as well
      • X9.63 import/export of public keys
    • DSA (Users make their own groups)
    • The math routines are pluggable which means you can use your own math provider if you want.
  • Other standards
    • PKCS #1 (v1.5 and v2.1 padding)
    • PKCS #5
    • ASN.1 DER for SEQUENCE, INTEGER, BIT STRING, OCTET STRING, OBJECT IDENTIFIER, IA5 STRING, PRINTABLE STRING, UTCTIME, CHOICE and NULL types.
  • Portable code builds out of the box with a conforming C compiler
    • Builds out of the box with platform optimizations for i386 (x86_32, gcc and msvc), x86_64 and PPC32

LibTomCrypt builds out of the box with GCC 2.95 and up as well as Visual C++ v6.00 with SP5. It can be reconfigured to eliminate algorithms, use different build options (e.g. smaller or faster code) or use different build tools. It has been successfully tested on numerous platforms ranging from the x86 (Intel and AMD), ARM7TDMI, PowerPC and MIPS series of processors. The code is all endian-neutral and uses only standard C syntax.