package nocrypto

  1. Overview
  2. Docs

Description

nocrypto is a small cryptographic library that puts emphasis on the applicative style and ease of use. It includes basic ciphers (AES, 3DES, RC4), hashes (MD5, SHA1, SHA2), public-key primitives (RSA, DSA, DH) and a strong RNG (Fortuna).

RSA timing attacks are countered by blinding. AES timing attacks are avoided by delegating to AES-NI.

Tags

org:mirage

Published: 03 Nov 2019

README

nocrypto - Simpler crypto

v0.5.4

nocrypto is a small cryptographic library that puts emphasis on the applicative style and ease of use. It includes basic ciphers (AES, 3DES, RC4), hashes (MD5, SHA1, SHA2), public-key primitives (RSA, DSA, DH) and a strong RNG (Fortuna).

RSA timing attacks are countered by blinding. AES timing attacks are avoided by delegating to AES-NI.

Documentation

Interface is documented. Also online.

Build

  --with-unix BOOL
  --with-lwt BOOL
  --xen BOOL
  --freestanding BOOL

./pkg/pkg.ml test

FAQ

RNG seeding

If RNG fails with Fatal error: exception Uncommon.Boot.Unseeded_generator, you need to seed it.

Unix:

let () = Nocrypto_entropy_unix.initialize ()

Unix/Lwt:

let () = Nocrypto_entropy_lwt.initialize () |> ignore
Illegal instructions
Program terminated with signal SIGILL, Illegal instruction.
#0  _mm_aeskeygenassist_si128 (__C=<optimized out>, __X=...)

Nocrypto has CPU acceleration support (SSE2+AES-NI), but no run-time autodetection yet. You compiled the library with acceleration, but you are using it on a machine that does not support it.

pkg/pkg.ml build --accelerate false force-disables non-portable code.

pkg/pkg.ml build --accelerate true force-enables non-portable code.

The flag can also be set via the NOCRYPTO_ACCELERATE environment variable. When unset, it maches the capabilities of the build machine.

Dependencies (19)

  1. zarith-freestanding
  2. mirage-solo5
  3. mirage-no-solo5
  4. zarith-xen
  5. mirage-xen >= "2.2.0" & < "6.0.0"
  6. mirage-no-xen
  7. sexplib != "v0.9.0"
  8. lwt
  9. zarith
  10. cstruct-lwt
  11. cstruct >= "3.0.0" & < "6.1.0"
  12. ppx_sexp_conv >= "113.33.01" & != "v0.11.0"
  13. ppx_deriving >= "4.2"
  14. ocb-stubblr build & >= "0.1.0"
  15. cpuid build & >= "0.1.2"
  16. topkg build & >= "0.9.1"
  17. ocamlbuild build
  18. ocamlfind build
  19. ocaml >= "4.02.0" & != "4.08.0"

Dev Dependencies (1)

  1. ounit with-test

Used by (42)

  1. arp < "1.0.0"
  2. aws >= "1.0.0" & < "1.2"
  3. aws-s3 < "3.0.0"
  4. certify < "0.3.3"
  5. conex < "0.10.0"
  6. conex-nocrypto
  7. cuid >= "0.2"
  8. current_github < "0.2"
  9. datakit-bridge-github
  10. datakit-github < "0.9.0"
  11. dns-cli < "4.4.0"
  12. dns-server < "4.4.0"
  13. dns-tsig < "4.4.0"
  14. gemini
  15. git >= "1.3.0" & != "1.10.0" & < "2.1.3"
  16. git-mirage < "2.1.3"
  17. git-unix != "2.1.0" & < "2.1.3"
  18. github-hooks
  19. hkdf < "1.0.4"
  20. irmin >= "0.9.0" & < "0.9.6"
  21. jupyter < "1.0.0"
  22. jupyter-kernel < "0.4"
  23. letsencrypt < "0.2.1"
  24. mirage-block-ccm < "1.1.0"
  25. monorobot
  26. nocoiner
  27. noise
  28. osbx
  29. otr >= "0.3.1" & < "0.3.7"
  30. pbkdf < "1.1.0"
  31. rfc6287 >= "1.0.2" & < "1.0.4"
  32. salsa20 < "1.1.0"
  33. salsa20-core < "0.3.0"
  34. scrypt-kdf < "1.1.0"
  35. session < "0.5.0"
  36. sihl >= "3.0.0"
  37. ssh-agent < "0.2.1"
  38. tls = "0.6.0" | >= "0.7.1" & < "0.11.0"
  39. tlstunnel
  40. ulid
  41. websocket >= "2.0.0" & < "2.3"
  42. x509 >= "0.5.1" & < "0.10.0"

Conflicts

None