nocrypto - Simpler crypto
%%VERSION%%
nocrypto is a small cryptographic library that puts emphasis on the applicative style and ease of use. It includes basic ciphers (AES, 3DES, RC4), hashes (MD5, SHA1, SHA2 family), AEAD primitives (AES-GCM, AES-CCM), public-key primitives (RSA, DSA, DH) and a strong RNG (Fortuna).
RSA timing attacks are countered by blinding. AES timing attacks are avoided by delegating to AES-NI.
Documentation
Interface is documented. Also online.
Build
./pkg/pkg.ml build
--with-unix BOOL
--with-lwt BOOL
--xen BOOL
--freestanding BOOL
./pkg/pkg.ml test
FAQ
RNG seeding
If RNG fails with Fatal error: exception Uncommon.Boot.Unseeded_generator
, you
need to seed it.
Unix:
let () = Nocrypto_entropy_unix.initialize ()
Unix/Lwt:
let () = Nocrypto_entropy_lwt.initialize () |> ignore
Illegal instructions
Program terminated with signal SIGILL, Illegal instruction.
#0 _mm_aeskeygenassist_si128 (__C=<optimized out>, __X=...)
Nocrypto
has CPU acceleration support (SSE2
+AES-NI
), but no run-time
autodetection yet. You compiled the library with acceleration, but you are using
it on a machine that does not support it.
pkg/pkg.ml build --accelerate false
force-disables non-portable code.
pkg/pkg.ml build --accelerate true
force-enables non-portable code.
The flag can also be set via the NOCRYPTO_ACCELERATE
environment variable.
When unset, it maches the capabilities of the build machine.