Fast cryptographic networking for Haskell

NaCl (pronounced "salt") is a safe, high-speed, easy to use cryptographic library by none other than djb; the project was initiated by CACE. From their own homepage:

NaCl (pronounced "salt") is a new easy-to-use high-speed software library for network communication, encryption, decryption, signatures, etc. NaCl's goal is to provide all of the core operations needed to build higher-level cryptographic tools.

Of course, other libraries already exist for these core operations. NaCl advances the state of the art by improving security, by improving usability, and by improving speed.

This package aims to provide a complete, type-safe, and efficient Haskell binding that's just as easy to use.

Check out the features page to learn more about the design.

Want to learn how NaCl really stacks up to the crypto-competition? Check out the authors' paper, "The security impact of a new cryptographic library" (PDF.)

In the future, there are plans to provide a complete CurveCP implementation as well, built on top of this basic work. It's also eventually planned to include the NaCl reference source code with the package itself, for easier distribution and testing, but at the moment you must build the optimized library (see 'Install' below.)

Dependencies

Unix-ish OSs only (that's all NaCl supports.)

Currently tested on:

• GHC versions 7.0.4 to 7.4.1-RC1 and regular HEAD snapshots.
• Linux and Mac OS X (Snow Leopard.)

Almost all the code is Haskell-2010 compliant, and should be relatively portable. There are no direct dependencies outside of the libraries that ship with GHC.

Install

Just build in one step with cabal install!

    $ cabal update && cabal install salt

This will build the source code for NaCl - included in the source - and install it under a directory under $HOME/.haskell.salt. This process will take quite a while the first time, and will only be necessary when the underlying NaCl version changes. Don't remove this directory!

This step is needed because NaCl has a build process that benchmarks many implementations of itself and selects the fastest primitives. Many optimized implementations are raw machine-generated assembly code.

Currently, you must build by linking against the optimized versions of the various encryption routines. The slower, reference versions of the encryption routines written in C are not available for usage at this time. Future work will hopefully alleviate this issue, making the library more portable for some, at the expense of a lot of speed.

Caveats

Dynamic linking (GHC's -dynamic) is currently unsupported at the moment, as the CPU-optimized NaCl assembly code is provided in a non-relocatable form, and thus totally unsuitable for shared libraries. There is nothing I can do about this that will still preserve the high-speed CPU-optimized versions, short of hacking on NaCl itself. This will be possible to support using the slower, reference implementations written in C, however.

Documentation, benchmarks, coverage & more

• travis-ci.org results:
• Wiki (help and guidance!)
• Haddock documentation (extensive and thorough!)
• Criterion benchmarks (nearly 2.3Gbps on benchmarks; that's 4x faster than HsOpenSSL!)
• Library coverage from test suite (battle tested!)

Examples

Be sure to check out the examples folder on GitHub:

https://github.com/thoughtpolice/salt/tree/master/examples

Join in

File bugs in the GitHub issue tracker.

Master git repository:

• git clone https://github.com/thoughtpolice/salt.git

There's also a BitBucket mirror:

• git clone https://bitbucket.org/thoughtpolice/salt.git

License

MIT. See LICENSE.txt for terms of copyright and redistribution.

Authors

AUTHORS.txt

Contact

You can submit an issue at the GitHub repository here.

Other inquiries can be sent to me via email.