1
mirror of https://github.com/jedisct1/libsodium.git synced 2024-12-19 18:15:18 -07:00
libsodium/README.markdown

192 lines
6.4 KiB
Markdown
Raw Normal View History

2013-04-25 23:43:19 -07:00
[![Build Status](https://travis-ci.org/jedisct1/libsodium.png?branch=master)](https://travis-ci.org/jedisct1/libsodium?branch=master)
2013-01-31 00:25:02 -07:00
![libsodium](https://raw.github.com/jedisct1/libsodium/master/logo.png)
2013-01-31 00:16:54 -07:00
============
2013-01-20 01:03:34 -07:00
2013-01-20 17:56:17 -07:00
[NaCl](http://nacl.cr.yp.to/) (pronounced "salt") is a new easy-to-use
high-speed software library for network communication, encryption,
decryption, signatures, etc.
2013-01-20 01:03:34 -07:00
2013-01-20 17:56:17 -07:00
NaCl's goal is to provide all of the core operations needed to build
higher-level cryptographic tools.
2013-01-20 17:58:41 -07:00
Sodium is a portable, cross-compilable, installable, packageable,
API-compatible version of NaCl.
2013-01-20 17:56:17 -07:00
2013-01-21 21:34:14 -07:00
## Portability
2013-01-20 17:56:17 -07:00
In order to pick the fastest working implementation of each primitive,
NaCl performs tests and benchmarks at compile-time. Unfortunately, the
2013-03-06 20:46:09 -07:00
resulting library is not guaranteed to work on different hardware.
2013-01-20 17:56:17 -07:00
Sodium only ships portable reference implementations.
2013-01-20 17:56:17 -07:00
Optimized implementations (including NEON optimizations) will eventually
be supported, but tests and benchmarks will be performed at run-time,
so that the same binary package can still run everywhere.
Sodium is tested on a variety of compilers and operating systems,
including Windows, iOS and Android.
2013-01-21 21:34:14 -07:00
## Installation
2013-01-20 17:56:17 -07:00
2013-03-06 20:46:09 -07:00
Sodium is a shared library with a machine-independent set of
2013-01-20 17:56:17 -07:00
headers, so that it can easily be used by 3rd party projects.
The library is built using autotools, making it easy to package.
Installation is trivial, and both compilation and testing can take
2013-01-21 21:34:14 -07:00
advantage of multiple CPU cores.
Download a
[tarball of libsodium](http://download.dnscrypt.org/libsodium/releases/),
2013-01-21 21:34:14 -07:00
then follow the ritual:
2013-01-20 17:56:17 -07:00
./configure
make && make check && make install
2013-01-20 17:56:17 -07:00
## Comparison with vanilla NaCl
2013-01-20 17:57:26 -07:00
Sodium does not ship C++ bindings. These might be part of a distinct
package.
2013-01-20 17:56:17 -07:00
The default public-key signature system in NaCl was a prototype that
shouldn't be used any more.
Sodium ships with the SUPERCOP reference implementation of
[Ed25519](http://ed25519.cr.yp.to/), and uses this system by default
for `crypto_sign*` operations.
For backward compatibility, the previous system is still compiled in,
as `crypto_sign_edwards25519sha512batch*`.
## Additional features
The Sodium library provides some convenience functions in order to retrieve
the current version of the package and of the shared library:
2013-01-20 17:56:17 -07:00
const char *sodium_version_string(void);
const int sodium_library_version_major(void);
const int sodium_library_version_minor(void);
2013-01-20 17:56:17 -07:00
Headers are installed in `${prefix}/include/sodium`.
A convenience header includes everything you need to use the library:
#include <sodium.h>
2013-01-20 13:10:51 -07:00
2013-04-23 14:18:45 -07:00
This is not required, however, before any other libsodium function, you can
call:
sodium_init();
2013-04-23 14:18:45 -07:00
This will pick optimized implementations of some primitives, if they
appear to work as expected after running some tests, and these will be
used for subsequent operations. It only need to be called once.
This function is not thread-safe. No other Sodium functions should be
2013-04-23 14:18:45 -07:00
called until it successfully returns. In a multithreading environment,
if, for some reason, you really need to call `sodium_init()` while some
other Sodium functions may be running in different threads, add locks
accordingly (both around `sodium_init()` and around other functions).
2013-01-21 15:15:23 -07:00
Sodium also provides helper functions to generate random numbers,
leveraging `/dev/urandom` or `/dev/random` on *nix and the cryptographic
service provider on Windows. The interface is similar to
`arc4random(3)`. It is `fork(2)`-safe but not thread-safe. This holds
true for `crypto_sign_keypair()` as well.
2013-01-21 15:15:23 -07:00
uint32_t randombytes_random(void);
Return a random 32-bit unsigned value.
void randombytes_stir(void);
Generate a new key for the pseudorandom number generator. The file
descriptor for the entropy source is kept open, so that the generator
can be reseeded even in a chroot() jail.
uint32_t randombytes_uniform(const uint32_t upper_bound);
Return a value between 0 and upper_bound using a uniform distribution.
void randombytes_buf(void * const buf, const size_t size);
Fill the buffer `buf` with `size` random bytes.
int randombytes_close(void);
Close the file descriptor or the handle for the cryptographic service
provider.
A custom implementation of these functions can be registered with
`randombytes_set_implementation()`.
2013-01-21 20:57:11 -07:00
In addition, Sodium provides a function to securely wipe a memory
region:
void sodium_memzero(void * const pnt, const size_t size);
Warning: if a region has been allocated on the heap, you still have
to make sure that it can't get swapped to disk, possibly using
`mlock(2)`.
2013-04-23 14:18:45 -07:00
In order to compare memory zones in constant time, Sodium proides:
int sodium_memcmp(const void * const b1_, const void * const b2_,
size_t size);
## New operations
### crypto_shorthash
A lot of applications and programming language implementations have
been recently found to be vulnerable to denial-of-service attacks when
a hash function with weak security guarantees, like Murmurhash 3, was
used to construct a hash table.
In order to address this, Sodium provides the “shorthash” function,
currently implemented using SipHash-2-4. This very fast hash function
outputs short, but unpredictable (without knowing the secret key)
values suitable for picking a list in a hash table for a given key.
See `crypto_shorthash.h` for details.
### crypto_generichash
This hash function provides:
* A variable output length (up to `crypto_generichash_BYTES_MAX` bytes)
* A variable key length (from no key at all to
`crypto_generichash_KEYBYTES_MAX` bytes)
* A simple interface as well as a streaming interface.
`crypto_generichash` is currently being implemented using
[Blake2](https://blake2.net/).
## Constants available as functions
In addition to constants for key sizes, output sizes and block sizes,
Sodium provides these values through function calls, so that using
them from different languages is easier.
2013-01-21 20:57:11 -07:00
## Bindings for other languages
* Ruby: [RbNaCl](https://github.com/cryptosphere/rbnacl)
2013-03-02 22:29:28 -07:00
* Python: [PyNaCl](https://github.com/dstufft/pynacl)
2013-03-30 21:55:45 -07:00
* Java: [Kalium](https://github.com/abstractj/kalium)
2013-04-24 07:25:34 -07:00
* Julia: [Sodium.jl](https://github.com/amitmurthy/Sodium.jl)
2013-04-24 15:17:50 -07:00
* Erlang: [Erlang-NaCl](https://github.com/tonyg/erlang-nacl)
2013-01-21 20:57:11 -07:00
2013-03-17 23:22:40 -07:00
## CurveCP
CurveCP tools are part of a different project,
[libchloride](https://github.com/jedisct1/libchloride)
2013-02-23 16:21:45 -07:00
## Mailing list
A mailing-list is available to discuss libsodium.
In order to join, just send a random mail to `sodium-subscribe` {at}
2013-02-23 16:22:53 -07:00
`pureftpd`{dot}`org`.