urbit/pkg/urcrypt
Joe Bryan b1bc4b54f3 Merge branches 'jb/rnv-restage' and 'jb/rnv-fixes', remote-tracking branches 'frodwith/keccak' and 'botter-nidnul/release/next-vere' into jb/rnv-merge
* jb/rnv-restage:
  build: patch windows uv_pipe impl to allow null writes
  build: update pmnsh to support cachix text/x-nix-narinfo responses
  vere: renames terminal streams for clarity, removes unused uv_tcp_t
  vere: suppress null writes in term.c
  Revert "Merge pull request #4463 from urbit/m/next-gen-term"

* jb/rnv-fixes:
  vere: bumps versions
  vere: fixes crash (null deref) in comet booting
  u3: fixes printf in c3_assert()

* frodwith/keccak:
  jets: ice keccak
  working keccak jets
  urcrypt: fixing some typos - now builds
  Squashed 'pkg/urcrypt/keccak-tiny/' content from commit 9b438dc0f7
  urcrypt,jets: initial commit of keccak material

* botter-nidnul/release/next-vere:
  urcrypt: argon2 only optimize for x86_64 on x86_64
2021-09-24 18:05:37 -04:00
..
argon2
build-aux/m4
ed25519
ge-additions
keccak-tiny Merge commit '5513eaf62ae0e19ced43238537bdc81c97eda11d' as 'pkg/urcrypt/keccak-tiny' 2021-09-20 12:53:38 -07:00
scrypt
urcrypt working keccak jets 2021-09-20 18:38:10 -07:00
.gitignore build: gitignore urcrypt build results 2021-08-19 20:31:13 -04:00
autogen.sh
configure.ac urcrypt: argon2 only optimize for x86_64 on x86_64 2021-09-24 04:49:40 -05:00
liburcrypt.pc.in
Makefile.am Merge branches 'jb/rnv-restage' and 'jb/rnv-fixes', remote-tracking branches 'frodwith/keccak' and 'botter-nidnul/release/next-vere' into jb/rnv-merge 2021-09-24 18:05:37 -04:00
README.md
shell.nix

What is urcrypt?

urcrypt is a library of cryptography routines used by urbit jets.

Why is urcrypt?

Urbit's C runtime (long the only urbit runtime) has accumulated a collection of cryptography dependencies, some with custom additions or patches. These libraries have different conventions and have been managed by u3 in an ad-hoc manner. Reproducing that arrangement in other runtimes is tricky and error-prone. The (sometimes inconsistent) logic must be reproduced and suitable cryptography primitives must be found (or worse, written) for the new environment.

To ease these burdens, urcrypt isolates the quirks behind a consistent calling convention. Everything is a little-endian byte array, and each jetted operation has a corresponding function in the library. Jets simply unpack their nouns, call urcrypt, and pack the results.

What is a cryptography routine?

This is more of a subjective question than it might appear. Any of the following conditions are sufficient, but not necessary, for a function to be included in urcrypt:

  • The routine is sensitive to side-channel attacks (encryption, etc)
  • Some property of the routine is cryptographically useful (SHA, RIPE, etc)
  • The routine typically lives in a crypto library, for whatever reason.

A word on OpenSSL

Urcrypt depends on OpenSSL's libcrypto, which has global state. In order to avoid dealing with this state, urcrypt refuses to build with an internal libcrypto. Either build statically (pass --disable-shared to ./configure) or provide a shared libcrypto for urcrypt to link against. It is the library user's responsibility to initialize openssl, set custom memory functions, etc.