Commit 28a12868 authored by Drew's avatar Drew

Adding license; readme

parent ef01ce43
License for NaOH:
/*
* Copyright (c) 2015
* DrewCrawfordApps LLC
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
License for libsodium:
/*
* Copyright (c) 2013-2015
* Frank Denis <j at pureftpd dot org>
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
\ No newline at end of file
NaOH (pronounced "sodium hydroxide") is a strongly opinionated Swift binding for the security library libsodium, a fork of DJB's NaCl.
NaOH is the sodium flavor trusted by Nitrogen, FISA, caffeine, and various other projects Drew works on.
# What opinions?
1. No return value checks required. All functions will (preferably) throw or (where that isn't possible) crash the program, rather than allow you to continue on your merry way when e.g. a key is invalid
2. Actively thwarts buffer overflow exploits.
1. Keys are protected by guard pages, increasing the chance your program will crash instead of giving up a key
2. Keys are locked down entirely when not in critical sections, increasing the complexity of an exploitable attack
3. Critical memory is zeroed-on-free, even with optimizations enabled. Although this currently isn't possible for the library's *inputs*.
# Releasing
We use libsodium's numbers, with a 4th section tracking changes only this project makes. e.g.
1.0.3.0
sodium--^ ^---us
Note that our API is incomplete and is subject to change. In particular, we don't follow semver.
We don't currently have any official releases, although we shold probably cut one. Open an issue.
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment