nocrypto

Simpler crypto
README

v0.5.4

nocrypto is a small cryptographic library that puts emphasis on the applicative
style and ease of use. It includes basic ciphers (AES, 3DES, RC4), hashes (MD5,
SHA1, SHA2), public-key primitives (RSA, DSA, DH) and a strong RNG (Fortuna).

RSA timing attacks are countered by blinding. AES timing attacks are avoided by
delegating to AES-NI.

Documentation

Interface is documented. Also online.

Build

  --with-unix BOOL
  --with-lwt BOOL
  --xen BOOL
  --freestanding BOOL

./pkg/pkg.ml test

FAQ

RNG seeding

If RNG fails with Fatal error: exception Uncommon.Boot.Unseeded_generator, you
need to seed it.

Unix:

let () = Nocrypto_entropy_unix.initialize ()

Unix/Lwt:

let () = Nocrypto_entropy_lwt.initialize () |> ignore
Illegal instructions
Program terminated with signal SIGILL, Illegal instruction.
#0  _mm_aeskeygenassist_si128 (__C=<optimized out>, __X=...)

Nocrypto has CPU acceleration support (SSE2+AES-NI), but no run-time
autodetection yet. You compiled the library with acceleration, but you are using
it on a machine that does not support it.

pkg/pkg.ml build --accelerate false force-disables non-portable code.

pkg/pkg.ml build --accelerate true force-enables non-portable code.

The flag can also be set via the NOCRYPTO_ACCELERATE environment variable.
When unset, it maches the capabilities of the build machine.

Install
Sources
nocrypto-0.5.4.tbz
md5=c331a7a4d2a563d1d5ed581aeb849011
Dependencies
mirage-xen
>= "2.2.0" & < "6.0.0"
sexplib
!= "v0.9.0"
cstruct
>= "3.0.0" & < "6.1.0"
ounit
with-test
ppx_sexp_conv
>= "113.33.01" & != "v0.11.0"
ocb-stubblr
build & >= "0.1.0"
cpuid
build & >= "0.1.2"
topkg
build & >= "0.9.1"
ocaml
>= "4.02.0" & != "4.08.0"
Reverse Dependencies
arp
< "1.0.0"
aws
>= "1.0.0" & < "1.2"
aws-s3
< "3.0.0"
certify
< "0.3.3"
conex
< "0.10.0"
cuid
>= "0.2"
dns-cli
< "4.4.0"
dns-server
< "4.4.0"
dns-tsig
< "4.4.0"
git
>= "1.3.0" & != "1.10.0" & < "2.1.3"
git-mirage
< "2.1.3"
git-unix
!= "2.1.0" & < "2.1.3"
hkdf
< "1.0.4"
irmin
>= "0.9.0" & < "0.9.6"
jupyter
< "1.0.0"
letsencrypt
< "0.2.1"
otr
>= "0.3.1" & < "0.3.7"
pbkdf
< "1.1.0"
rfc6287
>= "1.0.2" & < "1.0.4"
salsa20
< "1.1.0"
salsa20-core
< "0.3.0"
scrypt-kdf
< "1.1.0"
session
< "0.5.0"
sihl
>= "3.0.0"
ssh-agent
< "0.2.1"
tls
= "0.6.0" | >= "0.7.1" & < "0.11.0"
websocket
>= "2.0.0" & < "2.3"
x509
>= "0.5.1" & < "0.10.0"