https://github.com/mirleft/ocaml-nocrypto
OCaml cryptographic library
- Host: GitHub
- URL: https://github.com/mirleft/ocaml-nocrypto
- Owner: mirleft
- License: isc
- Created: 2014-02-23T16:02:49.000Z (over 12 years ago)
- Default Branch: master
- Last Pushed: 2020-04-17T14:17:03.000Z (about 6 years ago)
- Last Synced: 2025-03-31T14:11:19.294Z (about 1 year ago)
- Language: OCaml
- Homepage:
- Size: 4.24 MB
- Stars: 111
- Watchers: 16
- Forks: 53
- Open Issues: 42
Metadata Files:
- Readme: README.md
- Changelog: CHANGES.md
- License: LICENSE.md
Awesome Lists containing this project
- awesome-ocaml - nocrypto - tls project. It is built to be straightforward to use, adhere to functional programming principles, and able to run in a Xen-based unikernel. (Security and Cryptography)
README
# nocrypto - Simpler crypto
nocrypto is a small cryptographic library that puts emphasis on the applicative
style and ease of use. It includes basic ciphers (AES, 3DES, RC4), hashes (MD5,
SHA1, SHA2 family), AEAD primitives (AES-GCM, AES-CCM), public-key primitives
(RSA, DSA, DH) and a strong RNG (Fortuna).
RSA timing attacks are countered by blinding. AES timing attacks are avoided by
delegating to AES-NI.
## Documentation
The [interface][nocrypto-mli] is documented. The documentation is also available [online][doc].
[nocrypto-mli]: https://github.com/mirleft/ocaml-nocrypto/blob/master/src/nocrypto.mli
[doc]: http://mirleft.github.io/ocaml-nocrypto/doc
## Build
```bash
# Build; each option takes a boolean (BOOL is a placeholder)
./pkg/pkg.ml build \
  --with-unix BOOL \
  --with-lwt BOOL \
  --xen BOOL \
  --freestanding BOOL

# Run the test suite
./pkg/pkg.ml test
```
## FAQ
#### RNG seeding
If the RNG fails with `Fatal error: exception Uncommon.Boot.Unseeded_generator`, you
need to [seed][doc-entropy] it.
Unix:
```OCaml
let () = Nocrypto_entropy_unix.initialize ()
```
Unix/Lwt:
```OCaml
let () = Nocrypto_entropy_lwt.initialize () |> ignore
```
[doc-entropy]: http://mirleft.github.io/ocaml-nocrypto/Nocrypto_entropy_unix.html
#### Illegal instructions
```
Program terminated with signal SIGILL, Illegal instruction.
#0 _mm_aeskeygenassist_si128 (__C=, __X=...)
```
`Nocrypto` has CPU acceleration support (`SSE2`+`AES-NI`), but no run-time
autodetection yet. You compiled the library with acceleration, but you are using
it on a machine that does not support it.
`pkg/pkg.ml build --accelerate false` force-disables non-portable code.
`pkg/pkg.ml build --accelerate true` force-enables non-portable code.
The flag can also be set via the `NOCRYPTO_ACCELERATE` environment variable.
When unset, it matches the capabilities of the build machine.
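Because the default follows the build machine, a binary built on an AES-NI host can hit `SIGILL` on an older deployment host. The following is an added example, not part of the nocrypto project: it derives the setting from the CPU flags of the machine that will run the code. It assumes a Linux `/proc/cpuinfo` listing with the flag names `sse2` and `aes`, and that `NOCRYPTO_ACCELERATE` takes the same `true`/`false` values as `--accelerate`; the function names are hypothetical.

```bash
#!/bin/sh
# Added example (not nocrypto code): choose the acceleration setting from the
# CPU flags of the host that will RUN the binary, not the host that builds it.

# Constructed /proc/cpuinfo excerpts (not captured from real machines).
SAMPLE_AESNI='model name : constructed CPU A
flags : fpu sse sse2 ssse3 pclmulqdq aes avx'
SAMPLE_NO_AESNI='model name : constructed CPU B
flags : fpu sse sse2 ssse3 pclmulqdq'

# has_flag FLAGS NAME: succeed only if NAME appears as a whole word, so that
# a flag such as "vaes" is never mistaken for "aes".
has_flag() {
    case " $1 " in
        *" $2 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# cpu_flags: read cpuinfo text on stdin, print the first CPU's flag list.
cpu_flags() {
    sed -n 's/^flags[[:space:]]*:[[:space:]]*//p' | head -n 1
}

# accelerate_setting: read cpuinfo text on stdin and print "true" only when
# both SSE2 and AES-NI are advertised. Anything else (including hosts with no
# x86 "flags" line at all) yields the portable choice, "false".
accelerate_setting() {
    flags=$(cpu_flags)
    if has_flag "$flags" sse2 && has_flag "$flags" aes; then
        echo true
    else
        echo false
    fi
}

# Report the value for the local machine when cpuinfo is available.
if [ -r /proc/cpuinfo ]; then
    echo "NOCRYPTO_ACCELERATE=$(accelerate_setting < /proc/cpuinfo)"
fi
```

Run it on the deployment target (or feed it that host's cpuinfo on stdin) and export the printed value before building.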