nocrypto - Simpler crypto
nocrypto is a small cryptographic library that puts emphasis on the applicative style and ease of use. It includes basic ciphers (AES, 3DES, RC4), hashes (MD5, SHA1, SHA2 family), AEAD primitives (AES-GCM, AES-CCM), public-key primitives (RSA, DSA, DH) and a strong RNG (Fortuna).
RSA timing attacks are countered by blinding. AES timing attacks are avoided by delegating to AES-NI.
./pkg/pkg.ml build --with-unix BOOL --with-lwt BOOL --xen BOOL --freestanding BOOL ./pkg/pkg.ml test
If RNG fails with
Fatal error: exception Uncommon.Boot.Unseeded_generator, you
need to seed it.
let () = Nocrypto_entropy_unix.initialize ()
let () = Nocrypto_entropy_lwt.initialize () |> ignore
Program terminated with signal SIGILL, Illegal instruction. #0 _mm_aeskeygenassist_si128 (__C=<optimized out>, __X=...)
Nocrypto has CPU acceleration support (
AES-NI), but no run-time
autodetection yet. You compiled the library with acceleration, but you are using
it on a machine that does not support it.
pkg/pkg.ml build --accelerate false force-disables non-portable code.
pkg/pkg.ml build --accelerate true force-enables non-portable code.
The flag can also be set via the
NOCRYPTO_ACCELERATE environment variable.
When unset, it maches the capabilities of the build machine.